Feature requests, bug fixes and logic decisions #35
Hey @HufferSec, Thanks for the feedback! I'll try to address all your points. Finalized assessment locks consultants: Highlight color not working for scheduling: Custom fields not reflecting on existing items: You can however update an ongoing assessment with newly added custom fields without deleting it. You just need to "Edit" the assessment and save it after the fields are added. This might not be an ideal solution for you as it would require you to open all ongoing assessments and re-save them. Does this satisfy your requirements though or can we do this better? Finalized assessment cannot be reopened and Finalized assessment cannot be deleted: No overlap support for scheduling consultants: Graph Support: Additional custom field support: I hope I was able to address all of your points and thanks again for all of the feedback, it's really helpful.
Thanks for the detailed feedback, it helps a lot! RE the locked accounts, I think some documentation on this or making it clearer would be a workable solution. There is no clear indicator that they are not locked although I suppose I really should have tried it rather than assuming! The workaround for getting custom fields is fine for myself and it is a smart way of doing it but again possibly just needs to be documented or a tip on the custom fields section to inform you how to update it on existing projects would be good. The main thing for myself really would be the additional custom field data type support OR ability to extend it, so maybe the new additions could solve my issue by letting me customize it but what I wouldn't want is to rely on processing outside of the app which seems like what it might be based on the above but correct me if I'm wrong / I will see when the support comes out. Personally, I would be looking to have those extended support text windows with formatting options such as bold, highlight etc. The rest stated above were just considerations to be made.
I have been playing around with a lot of different reporting tools as of late trying to find the best fit. I really enjoy the feel of Faction but have the following issues. As the title states, there is a mix of requests/questions!
Bug fixes:
Finalized assessment locks consultants
If an assessment is finalized early, the assigned consultants are not set to free. This is an issue as for bigger consultancies, you may have 3 specialists on the project for a few days of the overall scope just to complete their section but then they cannot be assigned to another project.
Highlight color not working for scheduling
Highlight color doesn't work for notes when scheduling (it does for all other places referenced as far as I could discover)
Scheduling: [image]
Expected: [image]
Custom fields not reflecting on existing items
Custom fields only reflect on newly scheduled projects and newly created vulnerabilities inside new projects. IE if I have a vulnerability template and a month later add 4 custom fields, I have to create a new template manually to add the new fields or likewise with an existing project, a client may request for x field adding but that would require deleting the scheduled assessment, creating a new one and importing all data manually to support it. The latter is an edge case, but the issue is still present.
Feature requests:
Additional custom field support
Custom fields support very limited types, consisting of string, bool and list. It would be great to get support for more complex data types. A big example would be supporting the large text boxes / markdown boxes that are contained through the reports. Past this 'object' support would be great. An example of where this could be used is in the likes of version control. Sysreptor offers this feature and it allows you to create for example a list of objects consisting of version number, consultant name, comment. That way with each new version you add an item to the list that generates the rest of the fields you require.
I think an amazing start would be to support the large text fields, but the object support would be super nice to have.
Graph support
Adding graphs into the report dynamically based on templates would be awesome. Specifically would be looking to create graphs based on the issues/vulnerabilities raised, such as number of vulnerabilities broken down by severity:
[image]
Logic decisions
There are logic decisions that are neither bugs nor features but maybe just something to raise to see people's thoughts / if toggled support for them could be added to the config perhaps.
Finalized assessment cannot be reopened
We have cases where budgets clash and a client may not be able to schedule a retest assessment so we would consider the project complete. However, a few months later they will request a retest. Now we can use the docx we got from the initial reporting and manually update it but it would be great to be able to have a way to reopen a finalized assessment as opposed to creating a new assessment.
Finalized assessment cannot be deleted
Some clients in parts of the world have set requirements on data retention, this is a big EU issue. As it stands, not being able to delete a finalized report poses some problems as clients that fall out of that retention window would need to either be manually deleted from the DB or we would have to flush the data out entirely which isn't feasible with ongoing assessments.
No overlap support for scheduling consultants
This somewhat relates to the thoughts behind my bug fix request 'Finalized assessment locks consultants'. You are unable to assign a consultant to more than one project. I understand why the logic would dictate not doing this but in some cases it's required. It would be good to be able to overlap these possibly with a warning message 'this consultant is assigned to x project on this date, are you sure...'.
Please note all these points were gathered over the weekend so I may have missed/overlooked stuff mentioned. If that's the case please direct me :).