A high-level overview of the general workflow process.
RiskSense provides managers and group managers with the tools to monitor remediation efforts and evaluate the progress and overall impact on the organization’s security and risk. RiskSense’s workflows allow users to track and manage their vulnerabilities, place vulnerabilities in more than one workflow, view a comprehensive workflow history, and manage all workflows from one convenient location: the Workflows page.
The RiskSense platform follows specific naming conventions to identify the current workflow type and progress on specific vulnerability actions. The following diagram provides a high-level, graphical representation of the workflow process.
As a vulnerability moves through the workflow, it reflects a different status for each step in the process. There are four workflow action types users can apply to findings:
- False Positive: While vulnerability scanners can reliably identify flaws, misconfigurations, weaknesses, and missing patches, they are not infallible. For cases where a scanner identifies vulnerabilities that are confirmed to not be present upon manual investigation, the RiskSense platform provides an option to mark those findings as a False Positive.
- Risk Acceptance: The risk acceptance workflow serves as acknowledgment that after evaluating vulnerabilities, the cost to remediate these vulnerabilities is larger than the risk posed by the vulnerabilities. For cases where an organization accepts risk from vulnerabilities, the RiskSense platform provides an option to mark those findings as a Risk Acceptance.
- Remediation: The remediation workflow serves as an acknowledgement that vulnerabilities have been either fixed or removed. For cases where an organization remediates vulnerabilities, the RiskSense platform provides an option to mark those findings as a Remediation.
- The Severity Update workflow is used to update the severity level of findings due to increased/decreased risk within a specific environment.