Results tagging

[commial]

I would like to have the possibility to tag scan results. That is to say, associate a tuple (scan, host, port) with one or more custom tags (for instance, strings).

For example, after a scan import, I would like to go through the results (by scrolling or filtering them) and tag some of them with To investigate, Funny, May be vulnerable, ...

Then, once this first pass done, it would be great to display only results which match a given tag or set of tags.
It could be a nice way to do team work on the same sample, and to quickly emphasize relevant information (for further investigation, report writing and so on).

In addition, an API to tag elements would be appreciated. I would like to be able to use an extern tool/module to parse scan results, and, for instance, tag elements with a known corresponding CVE (and go back to them later in the UI).

[p-l-]

Hi,

Thanks for this feature request. What would this feature allow that categories do not allow for now? (categories have been though a bit like labels)

Second question, would the label be linked to a scan result or to the IP address (and port)?

[commial]

If I correctly understand, a category is linked with a host.

To answer to both questions, I would like to be able to link the label with a port, for a given IP address, for a given scan result.
To my mind, the label does not aims to classify hosts (as category do), but each port independently.

For instance, given a scan result with two hosts up A & B, we could have:

Host A:
    Category: Server

    Ports:
        - 25
        - 80, label 'Vulnerable'

Host B:
    Category: Client

    Ports:
        - 135
        - 1337, label 'To investigate' 

That way, we have two independent levels for classifying elements.

[p-l-]

Works for me!

[p-l-]

So this is going to be a key (say label or category of each subdocument in ports).

The only problem I can see is to add the ability to modify the values from the Web UI (which would probably be convenient); the same thing will be used to modify the host categories.

[commial]

To my mind, two methods are conceivable:

• A menu to manage existing labels / categories (add / edit / remove). And then, a way to enable or disabled tags on hosts or ports. That way, the user does not need to enter over and over again the same tag name, with related errors. In addition, all tags used are quickly available.
• A menu to directly input a tag (like a pop-up / modal box ?), with less steps than the first choice.

An example of a possible visual rendering: http://vitalets.github.io/x-editable/demo-bs3.html.

By the way, my aforementioned example was not complete. I would like to be able to use multiple tags on a single port, for instance:
80: label 'Web', label 'Vulnerable'

PS: in my posts, by tag, I mean either category or label.