ffquintella / netrisk Goto Github PK

Create docker images for the installation process

Within a vulnerability window, possibility to scroll or resize the risks field to see the full text of a risk

Possibility to include values in the list of technologies (such as Apache). This way you can also remove/rename duplicates (such as “Web portal”) at the moment

Within the record of a given vulnerability, when associating a "Tecnologias" or "Computador", it would be interesting to display the respective lists in alphabetical order to facilitate the search

After you first edit a Vulnerabilidade in NetRisk, associate the Risco and save. When I re-edit the Vulnerabilidade, it is without the associated risk.

To work around it I re-edit the Vulnerabilidade. It works, but I notice that it associates timedate with the "Última detecção" field

Within a Vulnerabilidade, I can already associate a Computador, but it would be interesting to also associate an Aplicação and a Porta (when applicable). There are cases of different web vulnerabilities reported for the same Computador, for example Apache Docker applications running on the same Computador. Today we do not have the option of fields to link Application and Port, even manually.
In addition to the possibility of linking these fields, you can also display this information in the vulnerability table.

The tool already has intelligence that does not allow some vulnerability state changes, such as Rejeitada->Verificada or Ajuste solicitado->Verificada, but cases like this may be necessary to correct attribution errors

In any vulnerability record, when associating a "Tecnologias" or "Computador", it would be interesting to include a dynamic search, so that when typing, records that match the text typed are dynamically displayed

When making a change to any question, the "Guardar" option generates an error

An evaluated application may be associated with more than one server.
Possibility of informing more than one server when responding to an application evaluation.

Display the name of applications in the vulnerability table

Within the "Levantamento" window, possibility to edit the name of an "Avaliação". Not just create or delete

Within the record of a given vulnerability, it would be interesting to include the scan source (Nessus or SerucityScorecard), in case it is necessary to research further detection details

Possibility to change the status of several vulnerability records at once. For example: “Verificar” many vulnerabilities simultaneously

Inside Vulnerabilities. The sorting and filtering part seems to be generating some inconsistency.
Ex.:
- A descending sorting of Notas displays (disregarding duplicates) notas 28, 22 and 1 (first page)
- A descending sorting of Notas (applying the 'Score > 5' filter) displays (disregarding duplicates) notas 28, 22 and 6 (first page)

Instead of changing the atual risk to issue we created the vulnerability controll

A vulnerability related to an environment (for example, Operating System) can impact more than one application.
Possibility of associating more than one application with a vulnerability.

Create a database creation tool using the console client.

When trying to edit a “Processo de negócio”, the buttons are not visible for activation. The issue occurs in this area and not in others due to the number of “Unidades Organizacionais” displayed on the screen. Similar to Issue #34.

Error registering answers to questions in the Levantamento module. The message "Erro salvando as respostas" is displayed when clicking the "Guardar" button.
Probably related to ID == 0 for all added records

Risks needs to be associated to entities. And the GUIClient should offer possibilities to do so on the risk editing.

There should be an CRUD rest api to maintain business entities (entities related to business witch can represent, business process, business organizations, or assets)

Creates a reporting window to show custimizable reports

I found that an change in NetRisk, it may take time to be replicated to other users of the tool. Sometimes it is necessary for the other user to close and reopen the application. To facilitate collaborative work, this time could be reduced to the minimum possible.
Note: It was validated through the creation of a new “Entidade”

Creates a interface (under risks window) to upload download and delete associated files.

Search for a vulnerability by server name, rather than ID.
When the server name is known but not the hostid.

Creates the CRUD operations for files

The dynamic search for a risk in the "Risco" area is case sensitive and could be not to facilitate the search.

Using the tool, new needs for multiple simultaneous changes were identified.
Imagine handling many critical vulnerabilities from the same server and from the same owner. It is necessary to associate the same risks for all vulnerabilities simultaneously.

Including new fields for vulnerabilities (even if for manual input), sometimes this data that is already in the information sources report. Even if it is not possible to automate the filling of these fields at the moment, allow manual filling.
Ex.:
IP Associado
Porta Associada
Aplicação

Using version 0.73.1, I found that in the vulnerability editing window, the window size is not enough to display all fields and buttons (especially fields and buttons at the bottom of the window). As resizing is not enabled, these fields and buttons cannot be accessed

Include new fields in the Vulnerabilities table (Vulnerabilidades area) and enable filtering by these fields.

The suggested fields are:

• Computador (mainly)
• Time
• Tecnologia

Include foreing keys and rework the way we handle them on the app

Possibility of associating several computers with the same vulnerability. Case of applications associated with more than one server

When trying to add a new computer (either through the shortcut in the upper right corner of the system, or through the shortcut within the vulnerabilities area. EditHostDialog window) NetRisk is closed when clicking the "Guardar" button.
Searching later the computer is also not added to the base.

In vulnerabilities area, to facilitate the application of filters, it would be interesting give to table columns the same name displayed in table.
Ex.: If you want to search for a titulo, the filter would be "titulo == Redirect*"
Ex.: If you want to search for a nota, the filter would be "nota > 5"

Creates a screen to list and edit entities

Automatically mapping "Coputador" and "Tecnologias" based on feedback from sources

In the context of a vulnerability, when we remove a previously selected risk and click "Guardar," the change is not persisted. Upon revisiting the vulnerability, we observe that the risk is not disassociated.