Pentest reporting your engineers will actually read
Write like Notion. Organize like a graph. One canvas for drafting, evidence, review and export. Visual org→BU→engagement tree with precise RBAC.
Notion-style editor · Visual org tree · RBAC · Evidence trails · On-prem
Just imagine
It’s 2:10 a.m. You’re wrestling with Word styles, pasting screenshots, fixing table widths, chasing versions in email. The real work is done—but the report is the blocker. You should be shipping fast and safe.
What you deal with today
Document drag: narrative docs/PDFs force rounds of formatting over clarity.
Tool sprawl & template debt: Dradis/Ghostwriter/PlexTrac before you can write a sentence.
Evidence chaos: screenshots & PoCs scattered; copy-paste breaks auditability.
Access friction: either everyone gets the PDF—or no one does; per-BU/report access is hard.
Version roulette: Final_v7b_REALFINAL.docx slows the last mile.
What changes with Excalibur
Write like Notion, cite like a lab notebook: modern editor with evidence bound to each finding.
See the program as a tree: Org → Business Unit → Engagement → Report, drag-and-drop truth.
Share exactly what’s needed: RBAC by report/BU/org; legal RO, engineers comment inline.
One canvas for writing, review, export: approvals, mappings (ATT&CK/NIST/OWASP), 1-click exports.
Repeatable & audit-ready: templates, immutable evidence trails, approver history.
Private by design: on-prem/VPC, your keys, full audit trail.
How you get there
1. Start from a template (PCI/OWASP/red team/TTX) or import an existing report.
2. Draft in the editor—attach files, code, and tool output; artefacts are hashed & bound to findings.
3. Organize under the right BU; link shared controls/findings across engagements.
4. Assign access via RBAC; reviewers propose inline suggestions & checklists.
5. Publish & export (PDF/Docx/HTML); push tickets to Jira with bound evidence.
✓ Private by design. Human review and audit trail on every sensitive step.
What success looks like
Time to report-ready drops from days to hours—less layout, more clarity.
Developers act faster: every claim has linked evidence they can re-run; MTTR falls.
Leaders see roll-ups by BU/org—systemic issues instead of point findings.
Auditors smile: immutable evidence trails, approver history, standard mappings.
Aligned with recognised practice (e.g., NIST SP 800-115, OWASP Testing Guide) and mapped to ATT&CK for shared language.