Upcoming Feature - Workflow Enhancements

Summary: High-level overview of the upcoming workflow enhancements. Updated 8/20/2020.

Overview

The upcoming workflow enhancements expand RiskSense’s workflow usability to reflect current usage and desired capabilities from customer interviews and feature requests. This project updates the four workflow types: Severity Change, False Positive, Remediation and Risk Acceptance.

Workflow Enhancement Goals

  • Roll out a new card view design with several updates and improvements.

  • Enhance the feature using customer-sourced use cases, pain points, and challenges.

  • Continue to build on market-differentiating features that RiskSense users have come to rely on.

  • Adjust the menus to accommodate this new view and, based on feedback, move items to easier-to-find locations.

  • Provide an easier-to-use and more functional feature.

Sample Customer Use Cases and Pain Points

  • I need the ability to see what is about to expire so I can properly prepare for it.

  • I really want the ability to easily find items that have expired in the platform.

  • Can I have the ability to see the impact of a risk acceptance request in terms of assets, findings, and/or RCE/PE?

  • How can RiskSense make it easy to ensure that performing an operation on 7,000 findings is something that can be approved/rejected/reworked together by the appropriate person and tracked easily?

  • As a heavy user of your workflow system, I find it difficult to manage the approval and rejection of items since they are not grouped based on the request.

  • Once I receive an email about an expiration and I log in to the platform, I have no way to search for those expired items.

  • It is critical to my organization that I quickly and easily understand what each data ingestion (upload/connector) that manipulates findings (reworks/remediates) has done regarding my vulnerabilities for review in my Monday morning Ops meeting.

  • When I am rejecting/reworking a workflow, I really need to see the information from the request so that I can easily input the correct reason for my action.

New Workflow Features

Requester

  • Name workflows for easier understanding and identification of workflows.

  • View all workflow history, even after they expire or are rejected.

Approver

  • Perform bulk workflow actions that are quick and easy for the approver to evaluate and approve together.

  • Easily approve workflows from various users with little to no extra work involved to find and identify them.

  • Have more information available when performing approve/reject/rework actions on workflows.

Both

  • Allow multiple workflows to be associated with a finding.

  • New workflows page allows for easy consumption of the actions all users are taking on your vulnerability data.

  • Easily find upcoming workflow expirations.

  • Easily find expired workflows.

  • Easily referenceable, system-generated workflow identifiers aid external system references such as documentation, emails, text messages, exports, and metric reporting.

  • See the impact of a workflow in terms of assets and findings.

  • Easily identify workflows upon receipt of expiration email.

  • Find and track exactly what any upload or API integration has done in terms of reworking (opening) findings.

  • Find and track exactly what any upload or API integration has done in terms of closing

  • Easily add to an existing workflow.

  • Easily copy any workflow.

  • Updated look and feel for pop-ups for a better user experience.

Changes to the Requester/Approver Process

Requester

  • Add items to a previously submitted workflow easily.

  • Copy a workflow easily to quickly perform actions that previously required a lot of manual work to recreate.

Approver

  • Workflow approvals are now done from a redesigned, easy-to-use Workflow page that shows workflows in a quick, understandable view.

  • Workflow actions are easy for each workflow request regardless of the finding count, with no searching required.

  • More information is now available while performing approve/reject/rework workflow actions.

Both

  • Removal of filters previously used for the old workflow system (State & Severity Change State) on the findings pages. Six new filters will be available.

  • Workflows now have a new page where they can be searched, filtered, and identified in one place.

  • System-generated IDs for workflows are now available for easy tracking and filtering.

    • E.g., RA#0003401, FP#0004275

  • Workflow titles allow users to easily express the purpose of a workflow.

    • E.g., “Java Update Patching Exception”

  • New easy-to-use filters are available for various workflow properties from both the workflows and findings pages.

    • E.g., “Workflow Type”, “Workflow Expiration Date”, etc.

  • Creating a workflow from the findings page has a redesigned menu that has far fewer options and is easier to use.