Retests Are
First-Class.
Same engagement. Separate timeline. Round 1, Round 2, Round 3 each open and close on their own dates, with their own attestor and evidence trail.
The Engagement Closed.
Three Findings Didn't.
The pentest is closed. The report has shipped. Three findings are still marked Not Resolved, and the engagement window expired yesterday.
So your team opens a new engagement to track the retest. Or extends the closed one and breaks the audit log. Or drops it into a spreadsheet next to the other things you're going to come back to.
The 30-day fix window starts on the day the engagement ends. The retest has to live somewhere, and the engagement that produced the finding is no longer the right container.
Retests don't fit inside a finished engagement. They never did.
Retests. A Record of Their Own. Built Into Neuron.
Neuron treats the retest as its own thing. Same engagement. Same findings. Separate timeline. Each round has dates, scope, an owner, an attestor, and an evidence trail. The original engagement stays closed.
Independent Rounds, Independent Dates
Round 1, Round 2, Round 3 plan and close on their own calendar. A fix slips, Round 2 pushes two weeks. None of it touches the engagement that closed in March.
Scope to the Findings That Need a Retest
Pick the exact findings the client elected to retest. The same finding can move across rounds. Round 1 marked Not Resolved, Round 2 marked Resolved. The progression is part of the record.
Proof-Based Outcomes
A finding is resolved when the original proof no longer works. Outcomes are explicit. Resolved, Partially Resolved, Not Resolved, Risk Accepted, No Retest Performed. No ambiguity at audit time.
Peer Cosign for Critical Fixes
Set a cosign policy by severity. Critical findings can require a second tester to verify before the round closes. Attestor and cosigner are tracked separately, with their own timestamps and comments.
Evidence Tailored to the Assessment
Web app retests ask different questions than AD retests. Configure custom fields and documentation sections per assessment type once in admin. The right form shows up per finding.
Round-Locked Audit Integrity
Once a round moves to ready for approval, completed, or cancelled, per-finding mutations are frozen. The audit history stays clean. Reopen a verified finding and the prior attestation is preserved, not overwritten.
Full QA Log of Every Retest Event
Every outcome change, cosign request, rejection, recall, and reopen is captured with actor, timestamp, and prior state. The auditor sees the full history. Nothing has to be reconstructed.
Plan. Attest. Close.
Three steps from the remediation window to a verified record.
Plan the Round
Create Round 2 with its own kickoff date, owner, and the findings the client elected to retest. Allocate testers the same way you allocate to an engagement.
Attest the Outcome
Record outcome per finding with evidence in the section the assessment requires. Critical fixes route to a cosigner for verification before the round closes.
Close the Round
Submit for review, approve, and complete. The QA log captures every event along the way, so the auditor sees the history, not a reconstruction.
More Feature Spotlights
Playbooks
Run your methodology against an assessment and track coverage as the work happens. OWASP WSTG, PTES, NIST 800-115, or your own.
Echo Up
Drop files onto a target box from just the shell you already have. Bash, CMD, or PowerShell.
Track Changes
Inline track changes on findings and briefs, attributed and timestamped. Approval blocked until resolved.
Briefs
The library for executive summaries, scope, and methodology. AI first pass on your engagement data.
Engagement Scheduling
The schedule lives where your engagements live. Drag to move, drop to reassign.
Findings Library
AI that pulls from your team's approved library instead of generating from scratch.
AI Reporting
On-premise AI for pentest reporting. Inference stays inside your network.
QA Pipeline
Finding-level QA built into the engagement workflow.
Workflow Integrations
Push findings into Jira and ServiceNow.
Collaborative AD Graphing
Multiple testers on one AD attack graph.
AD Attack Paths
Per-engagement AD datasets and attack graphs.
Client Portal
Structured finding delivery with live visibility.
Ready to Transform Your Security Practice?
See how Neuron helps security teams replace fragmented tools with a single platform for offensive security—bringing structure, visibility, and consistency to every engagement.
Platform