Syslifters
[Feature Request] Custom Tags in "Finding Template" and the possibility to store/save/delete them.
As we have nearly the possibility to change everything and save that, why not the Custom Tags in the "Finding Template"?
Like so:
to get smth like this:
Those fields are in different data structures, so this will unfortunately not be possible to do.
Tags are metadata of the finding template and the fields inside are the contents.
It could, however, be possible to store static tags in the database that can be customized system-wide (per installation).
It is already possible to add custom tags to templates. Type the tag name in the "tags" field and apply with enter. There is no autocomplete for custom tags, though.
Custom tags are displayed in the template list. You can also search for tags by entering the tag name in the searchbar.
It is already possible to add custom tags to templates. Type the tag name in the "tags" field and apply with enter. There is no autocomplete for custom tags, though.
Custom tags are displayed in the template list. You can also search for tags by entering the tag name in the searchbar.
As you can see, I use this in my Picture, but I thought it would be nice to have them saved somewhere and have them stored there.
What is your use case for storing tags?
- Suggestions for previously used custom tags in templates?
- Use tags in findings and report rendering in PDFs?
What is your use case for storing tags?
* Suggestions for previously used custom tags in templates?
Yes. Exactly this. Would be easier that way to find out if a tag already "exits" and stay consistent with tag assignment. And Sysreptor comes with pre-defined tags we might not use and want to remove "clutter".
* Use tags in findings and report rendering in PDFs?
Not as of yet. Interesting idea though.
Ok thank you. Now I understand.
Showing tag suggestions has been on our feature list for some time (since we added tags), but we haven't come to implement it yet.
Related to #75
Personally I thought about requesting this but thought I might be the only one, but ideally my use case for tags would be: If I could tag findings with an "encryption", "web based", or "core infrastructure" tag it would be nice if I could then just make a basic table for all encryption findings (TLS 1.0, SSL expired, weak cyphers, telnet in use, etc), another table for web stuff (out of date apache, php, HSTS not enabled, etc etc) with light info on those findings since they're all pretty obvious and generic fixes anyways
I could then have less finding clutter and those 'important' core findings (CVEs, AD CS, Kerberoastable users, etc etc) and they can get the detailed findings information as it is now. Usually those are the findings with proof screenshots and all that extra info
Personally I thought about requesting this but thought I might be the only one, but ideally my use case for tags would be: If I could tag findings with an "encryption", "web based", or "core infrastructure" tag it would be nice if I could then just make a basic table for all encryption findings (TLS 1.0, SSL expired, weak cyphers, telnet in use, etc), another table for web stuff (out of date apache, php, HSTS not enabled, etc etc) with light info on those findings since they're all pretty obvious and generic fixes anyways
I could then have less finding clutter and those 'important' core findings (CVEs, AD CS, Kerberoastable users, etc etc) and they can get the detailed findings information as it is now. Usually those are the findings with proof screenshots and all that extra info
I think this use case might be easiest to implement by defining a finding field. I think that a combobox field type might be most suitable because it allows you to define suggested values...
...and allows the pentester to still use a custom value.
Implemented in https://github.com/Syslifters/sysreptor/releases/tag/2025.83
Previously used tags now get suggested in dropdowns for templates, projects, designs and when filtering for tags in list views.