The Administrator role

Managing users

Enabling / disabling sign ups

Working with teams

Working with projects

The Instance-wide Trash

Integration and Tool Manager

Project Scheduler

The Business Intelligence Dashboard

The Remediation Tracker

The Mappings Manager

The Rules Engine

The IssueLibrary

Report templates

Report template properties

Note templates

Project templates

Methodology templates

Kit Uploads

System settings

Upgrading the app

Customizations and Configurations

Re-encrypt your LUKS-encrypted disk and generate a new volume key

Automatically unlock your LUKS-encrypted drive

Change your LUKs-encrypted drive's passphrase

Change default CIC password

Set up SSL certificates so that upgrades won't override them

Set up SSL certificates with Let's Encrypt

Increase the number of puma threads

Increase the number of export worker processes

Set maximum login attempts

Increase session timeout period

Usage analytics sharing

Configure the mail server

Configure the Burp-Dradis Extension

Connecting Dradis to MediaWiki

Enable extra import add-ons

API basics

Teams endpoint

Users endpoint

Projects endpoint

Nodes endpoint

Issues endpoint

Evidence endpoint

Content Blocks endpoint

Notes endpoint

Attachments endpoint

Document Properties endpoint

Methodologies endpoint

IssueLibrary endpoint

Intro to the Command Line Interface

User's guide to the Dradis Console

Upload tool output from the command line

[scripting] Find projects with XSS issues

[scripting] Find Issues added in the past 24 hours

[scripting] Statistics on Issues and Projects

[scripting] From Nessus output to custom report

[scripting] Update your IssueLibrary entries

Intro to the BI Dashboard

Custom Team Properties

Custom Project Properties

From Properties to Metrics

Trend Analysis

Intro to Liquid Gateway Themes

Creating Liquid Gateway Themes

Using Liquid Gateway Themes

  1. Support Home
  2. Collaborate
  3. Working with projects
  4. Adding issues and evidence

Adding issues and evidence

This page contains:

One of the key concepts in any security assessment is the vulnerability, weakness or finding.

We separate the information about each finding in two concepts:

The Issue
Contains general information about the problem, such as: Title, Description, Recommendation, CVEs, Reference URLs, etc.
The Evidence
Details that change from one instance of the problem to the next: port number, specific versions, output of tools (e.g. the list of SSL ciphers, etc.)

Find / add Issues and Evidence:

  • All the Issues in the project can be found under the All issues link near the top of the sidebar.
  • Each piece of Evidence can be found in the corresponding node of the tree.

Fields

As of v3.7.0 of Dradis, we have both a Fields view and a Source view for the editor pane. In the Fields view you can add fields with the + Add field button to have the structure automatically applied.

In the Source view you can use the #[ ... ]# syntax to define fields in your content. For example, the content below has Title and Description fields.

You're free to use any fields you want. Fields are useful to structure your content, and they will be useful when generating a report (see the Export results section).

Rich text, the right way

You can use some Textile markup in your content. You can type in the formatting manually, or use the editor menu to insert the formatting for you by clicking the appropriate icon. The preview pane on the right will show what the rendered results will look like as you type:

There are also Inline help and Full-screen mode buttons in the editor toolbar on the right.

A concrete example

Say you find an Out-of-date Apache vulnerability that affects 2 different hosts (port tcp/80 in host 10.0.0.1 and ports tcp/80 and tcp/443 in 10.0.0.2).

You will have one Issue describing that an outdated version of Apache was found, and three pieces of Evidence with the details of each instance of the problem.

Add the Issue

First lets add the Issue. Click on All issues on the sidebar, and on the + sign to add a new issue:

Provide the issue details:

Now create the nodes that will represent the affected servers:

Add the Evidence from the Node

Next, the evidence. We start with 10.0.0.1:

And provide some content. Make sure you select the right Issue from the drop down:

Repeat the same process to add the evidence for 10.0.0.2. Remember that you'll need to add two pieces of evidence:

  • One for tcp/80
  • One for tcp/443

When you go back to All issues, you can now see all the information about the vulnerability along with the specifics for the three different instances identified:

Add Evidence from the Issue

We've already seen how to add Evidence from the affected host. You can also add Evidence directly from the Issue instead. Open the Evidence tab on any Issue in your project and click New Evidence and select the default fields, a Note template, or a blank Evidence document.

You will be taken to a new view with columns on the left to select multiple existing Nodes on your project, and are able to create multiple instances of Evidence at the same time. Alternatively you can copy/paste a list of hosts (each on a separate line) into the middle column to create new Nodes in your project, each with an instance of Evidence tied to this Issue. You can also choose where to place your new Nodes.

Underneath you can fill out the fields of your Evidence as you would otherwise.

Move Evidence

You can move Evidence from one Node to another if necessary. To do so, go the Evidence you want to move, click on the dots menu, then from the dropdown select Move.

Select the Node to which you want to move this piece of Evidence and click the blue Move button.

Final note about Issue / Evidence separation

Over the years, we've found this is the most general way to report your findings. But, as with everything else in Dradis, this is up to you.

You are free to split information in Issue / Evidence, or you can include all the information in your Issue. It depends on how you want to present the results in your report.

For example, if the scope of the test is a single host, you may not want to bother with splitting Issue from Evidence.

Next help article: Liquid Dynamic Content →

Streamline InfoSec Project Delivery

Learn practical tips to reduce the overhead that drags down security assessment delivery with this 5-day course. These proven, innovative, and straightforward techniques will optimize all areas of your next engagement including:

  • Scoping
  • Scheduling
  • Project Planning
  • Delivery
  • Intra-team Collaboration
  • Reporting and much more...

Your email is kept private. We don't do the spam thing.