Upcoming Feature - Workflow Enhancements
Summary: High-level overview of the upcoming workflow enhancements. Updated 8/20/2020.
Overview
The upcoming workflow enhancements expand RiskSense’s workflow usability to reflect current usage and desired capabilities from customer interviews and feature requests. This project updates the four workflow types: Severity Change, False Positive, Remediation and Risk Acceptance.
Workflow Enhancement Goals
-
Roll out a new card view design with several updates and improvements.
-
Enhance the feature using customer-sourced use cases, pain points, and challenges.
-
Continue to build on market-differentiating features that RiskSense users have come to rely on.
-
Adjust the menus to accommodate this new view and align things from feedback in easier-to-find locations.
-
Provide an easier-to-use and more functional feature.
Sample Customer Use Cases and Pain Points
-
I need the ability to see what is about to expire so I can properly prepare for them.
-
I really want the ability to easily find items that have expired in the platform.
-
Can I have the ability to see the impact of a risk acceptance request in terms of assets, findings, and/or RCE/PE?
-
How can RiskSense make it easy to ensure that performing an operation on 7,000 findings is something that can be approved/rejected/reworked together by the appropriate person and tracked easily?
-
As a heavy user of your workflow system, I find it difficult to manage the approval and rejection of items since they are not grouped based on the request.
-
Once I receive an email about an expiration and I login to the platform, I have no way to search for those expired items.
-
It is critical to my organization that I quickly and easily understandwhat each data ingestion (upload/connector) that manipulates findings (reworks/remediates) has done regarding my vulnerabilities for review in my Monday morning Ops meeting.
-
When I am rejecting/reworking a workflow, I really need to see the information from the request so that I can easily input the correct reason for my action.
New Workflow Features
Requester
-
Name workflows for easier understanding and identification of workflows.
-
View all workflow history, even after they expire or are rejected.
Approver
-
Perform bulk workflow actions that are quick and easy for the approver to evaluate and approve together.
-
Easily approve workflows from various users with little to no extra work involved to find and identify them.
-
Have more information available when performing approve/reject/rework actions on workflows.
Both
-
Allow multiple workflows to be associated with a finding.
-
New workflows page allows for easy consumption of the actions all users are taking on your vulnerability data.
-
Easily find upcoming workflow expirations.
-
Easily find expired workflows.
-
Easily referenceable, system-generated workflow identifiers aid external system references such as documentation, emails, text messages, exports, and metric reporting.
-
See the impact of a workflow in terms of assets and findings.
-
Easily identify workflows upon receipt of expiration email.
-
Find and track exactly what any upload or API integrationhas done in terms of reworking (opening) findings.
-
Find and track exactly what any upload or API integration has done in terms of closing
-
Easily add to an existing workflow.
-
Easily copy any workflow.
-
Updated look and feel for pop-ups for a better user experience.
Changes to the Requester/Approver Process
Requester
-
Add items to a previously submitted workflow easily.
-
Copy a workflow easily to quickly perform actions that previously required a lot of manual work to recreate a previous workflow.
Approver
-
Workflow approvals now done from a redesigned, easy to use Workflow page that shows workflows in a quick, understandable view.
-
Workflow actions are easy for each workflow request regardless of the finding count, with no searching required.
-
More information is now available while performing approve/reject/rework workflow actions.
Both
-
Removal of filters previously used for the old workflow system (State & Severity Change State) on the findings pages. Six new filters will be available.
-
Workflows now have a new page to search, filter, and identify in one easy place.
-
System generated IDs for workflows now available for easy tracking and filtering.
-
E.g., RA#0003401, FP#0004275
-
-
Workflow titles allow users to easily express the purpose of a workflow.
-
E.g., “Java Update Patching Exception”
-
-
New easy-to-use filters are available for various workflows properties from both the workflows and findings pages.
-
E.g., “Workflow Type”, “Workflow Expiration Date”, etc.
-
-
Creating a workflow from the findings page has a redesigned menu with far less options that is easier to use.