ffquintella / netrisk
NetRisk Risk Management App
License: GNU General Public License v3.0
Create docker images for the installation process
Within a vulnerability window, possibility to scroll or resize the risks field to see the full text of a risk
Possibility to include values in the list of technologies (such as Apache). This way you can also remove/rename duplicates (such as “Web portal”) at the moment
Within the record of a given vulnerability, when associating a "Tecnologias" or "Computador", it would be interesting to display the respective lists in alphabetical order to facilitate the search
After you first edit a Vulnerabilidade in NetRisk, associate the Risco and save. When I re-edit the Vulnerabilidade, it is without the associated risk.
To work around it I re-edit the Vulnerabilidade. It works, but I notice that it associates timedate with the "Última detecção" field
Within a Vulnerabilidade, I can already associate a Computador, but it would be interesting to also associate an Aplicação and a Porta (when applicable). There are cases of different web vulnerabilities reported for the same Computador, for example Apache Docker applications running on the same Computador. Today we do not have the option of fields to link Application and Port, even manually.
In addition to the possibility of linking these fields, you can also display this information in the vulnerability table.
The tool already has intelligence that does not allow some vulnerability state changes, such as Rejeitada->Verificada or Ajuste solicitado->Verificada, but cases like this may be necessary to correct attribution errors
In any vulnerability record, when associating a "Tecnologias" or "Computador", it would be interesting to include a dynamic search, so that when typing, records that match the text typed are dynamically displayed
When making a change to any question, the "Guardar" option generates an error
An evaluated application may be associated with more than one server.
Possibility of informing more than one server when responding to an application evaluation.
Display the name of applications in the vulnerability table
Within the "Levantamento" window, possibility to edit the name of an "Avaliação". Not just create or delete
Within the record of a given vulnerability, it would be interesting to include the scan source (Nessus or SecurityScorecard), in case it is necessary to research further detection details
Possibility to change the status of several vulnerability records at once. For example: “Verificar” many vulnerabilities simultaneously
Inside Vulnerabilities. The sorting and filtering part seems to be generating some inconsistency.
Ex.:
- A descending sorting of Notas displays (disregarding duplicates) notas 28, 22 and 1 (first page)
- A descending sorting of Notas (applying the 'Score > 5' filter) displays (disregarding duplicates) notas 28, 22 and 6 (first page)
Instead of changing the current risk to issue we created the vulnerability control
A vulnerability related to an environment (for example, Operating System) can impact more than one application.
Possibility of associating more than one application with a vulnerability.
Create a database creation tool using the console client.
When trying to edit a “Processo de negócio”, the buttons are not visible for activation. The issue occurs in this area and not in others due to the number of “Unidades Organizacionais” displayed on the screen. Similar to Issue #34.
Error registering answers to questions in the Levantamento module. The message "Erro salvando as respostas" is displayed when clicking the "Guardar" button.
Probably related to ID == 0 for all added records
Risks need to be associated to entities. And the GUIClient should offer possibilities to do so on the risk editing.
There should be a CRUD REST API to maintain business entities (entities related to business which can represent business processes, business organizations, or assets)
Creates a reporting window to show customizable reports
I found that a change in NetRisk may take time to be replicated to other users of the tool. Sometimes it is necessary for the other user to close and reopen the application. To facilitate collaborative work, this time could be reduced to the minimum possible.
Note: It was validated through the creation of a new “Entidade”
Creates an interface (under the risks window) to upload, download and delete associated files.
Search for a vulnerability by server name, rather than ID.
When the server name is known but not the hostid.
Creates the CRUD operations for files
The dynamic search for a risk in the "Risco" area is case sensitive and could be case insensitive to facilitate the search.
Using the tool, new needs for multiple simultaneous changes were identified.
Imagine handling many critical vulnerabilities from the same server and from the same owner. It is necessary to associate the same risks for all vulnerabilities simultaneously.
Include new fields for vulnerabilities (even if for manual input). Sometimes this data is already in the information sources' reports. Even if it is not possible to automate the filling of these fields at the moment, allow manual filling.
Ex.:
IP Associado
Porta Associada
Aplicação
Using version 0.73.1, I found that in the vulnerability editing window, the window size is not enough to display all fields and buttons (especially fields and buttons at the bottom of the window). As resizing is not enabled, these fields and buttons cannot be accessed
Include new fields in the Vulnerabilities table (Vulnerabilidades area) and enable filtering by these fields.
The suggested fields are:
Include foreign keys and rework the way we handle them on the app
Possibility of associating several computers with the same vulnerability. Case of applications associated with more than one server
When trying to add a new computer (either through the shortcut in the upper right corner of the system, or through the shortcut within the vulnerabilities area. EditHostDialog window) NetRisk is closed when clicking the "Guardar" button.
Searching later, the computer is also not added to the base.
In the vulnerabilities area, to facilitate the application of filters, it would be interesting to give the table columns the same names displayed in the table.
Ex.: If you want to search for a titulo, the filter would be "titulo == Redirect*"
Ex.: If you want to search for a nota, the filter would be "nota > 5"
Creates a screen to list and edit entities
Automatically mapping "Computador" and "Tecnologias" based on feedback from sources
In the context of a vulnerability, when we remove a previously selected risk and click "Guardar," the change is not persisted. Upon revisiting the vulnerability, we observe that the risk is not disassociated.