Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Issue Tracker Show
1. I have removed the company logo and part of the site title from all pages. The user supplies their username and password.
2. Here the user has entered an incorrect password and has been alerted of their mistake.
3. Upon successful login the user is presented with a list of issues that are being tracked by the system. If I had more than 3 issues in the system we would see the pagination options.
4. Next, we'll click the VIEW button to look at the details of this particular issue. We can filter the issues by a particular system (also filter on issue initiator, etc.), click the Apply Filter button and then view issues that fit our requirements. Here I have filtered on issues from the Weapons Systems that have been initiated by myself.
5. Here we are viewing the details for issue number 3. Some of the details shown here were entered when this issue was created and some of the fields become populated later as the user adds comments, etc.
6. We've now scrolled down the page a little to view the section of the page where I can add a comment to this particular issue. I can also change the status of the issue and assign the issue to a particular individual, I may want to assign the issue to a developer for example so that the problem can be addressed. I've added a comment, changed the issue status to ASSIGNED and I've assigned the issue to Nick Webnow. Next I would click the 'Submit the changes' button to make the changes.
7. We can see that the Status column is now showing that the status has changed. We have a single green dot when the issue has been assigned, two green dots when a fix for the issue is in progress and three green dots when the issue has been fixed.
8. Here I've deselected all of the filters so that I can view all of the issues. Next I'll click the VIEW button alongside issue number 3 again so that we can review the comments.
9. We can see the comment that I added to the issue. The system automatically adds my user name and the time and date at which I submitted the comment.
10. If the user does not interact with the system for more than one hour they are locked out of the system. This is a little security feature as I didn't want someone who was not a user of the system to sit at the workstation of the logged-in user and have access. A genuine user simply has to click a link to return to the login page where they can login again.
11. Once the user has logged out they are returned to the login page where a message informs them that they are logged out.