I have a need to align a business that's using Znuny to the NIS2 directive, meaning that I must be able to log every access and activity, including username, source IP address, timestamp and actions.
These logs must be streamed to a SIEM also.
I also must be able to produce an activity report / audit trail such as:
- User X logged on from the IP address of z.z.z.z, he used MFA with this specific Identity Provider, on yyyy/mm/dd
- User X created ticket T... on yyyy/mm/dd
- User X updated ticket T... on yyyy/mm/dd
- User X performed administrative action blah.
...
My research indicates that due to the legacy software stack inherited from OTRS, and limited logging and reporting features, Znuny is the less preferred option for a business under NIS2 obligations. Yes, it can be integrated with various supporting systems and frameworks, and reports can be developed, however it requires significant manual configuration prone to human error, and must also enable debug-level logging forever to capture relevant data. Native support for compliance logging and reporting is limited compared to other options such as Zammad. At least that's what my research indicates.
Combine it with significant technical and usability challenges such as:
- the lack of support for small screens such as field engineers with mobile phones
- the use of deprecated integration features such as deprecated MS Teams webhooks (see https://doc.znuny.org/znuny/admin/webse ... ex.html#f1 which links to https://learn.microsoft.com/en-us/micro ... abs=dotnet)
- flexible and versatile, but convoluted configuration process leaves ample room for human error
- incomplete / scattered documentation
It's a great product from a functional point of view. However today that is insufficient. A software must also comply with legal requirements, as well as support the mobile workforce. A support technician on a long drive cannot stop and fire up his laptop to see his new tickets assigned while on the road. He should look them up on the phone without a heavily downscaled grid, endlessly zooming and scrolling left-right-up-down.
Where does Znuny stand on this specific topic? Are there any compliance-focused guides that can help navigate the legal aspects of the enterprise IT operations with regards to Znuny?
Thank you.