High-level overview of the upcoming workflow enhancements in RiskSense. Updated 8/20/2020.
The upcoming workflow enhancements expand RiskSense’s workflow usability to reflect current usage and desired capabilities from customer interviews and feature requests. This project updates the four workflow types: Severity Change, False Positive, Remediation and Risk Acceptance.
Workflow Enhancement Goals
- Roll out a new card view design with several updates and improvements.
- Enhance the feature using customer-sourced use cases, pain points, and challenges.
- Continue to build on market-differentiating features that RiskSense users have come to rely on.
- Adjust the menus to accommodate this new view and align things from feedback in easier-to-find locations.
- Provide an easier-to-use and more functional feature.
Sample Customer Use Cases and Pain Points
- I need the ability to see what is about to expire so I can properly prepare for them.
- I really want the ability to easily find items that have expired in the platform.
- Can I have the ability to see the impact of a risk acceptance request in terms of assets, findings, and/or RCE/PE?
- How can RiskSense make it easy to ensure that performing an operation on 7,000 findings is something that can be approved/rejected/reworked together by the appropriate person and tracked easily?
- As a heavy user of your workflow system, I find it difficult to manage the approval and rejection of items since they are not grouped based on the request.
- Once I receive an email about an expiration and I login to the platform, I have no way to search for those expired items.
- It is critical to my organization that I quickly and easily understand what each data ingestion (upload/connector) that manipulates findings (reworks/remediates) has done regarding my vulnerabilities for review in my Monday morning Ops meeting.
- When I am rejecting/reworking a workflow, I really need to see the information from the request so that I can easily input the correct reason for my action.
New Workflow Features
- Name workflows for easier understanding and identification of workflows.
- View all workflow history, even after they expire or are rejected.
- Perform bulk workflow actions that are quick and easy for the approver to evaluate and approve together.
- Easily approve workflows from various users with little to no extra work involved to find and identify them.
- Have more information available when performing approve/reject/rework actions on workflows.
- Allow multiple workflows to be associated with a finding.
- New workflows page allows for easy consumption of the actions all users are taking on your vulnerability data.
- Easily find upcoming workflow expirations.
- Easily find expired workflows.
- Easily referenceable, system-generated workflow identifiers aid external system references such as documentation, emails, text messages, exports, and metric reporting.
- See the impact of a workflow in terms of assets and findings.
- Easily identify workflows upon receipt of expiration email.
- Find and track exactly what any upload or API integration has done in terms of reworking (opening) findings.
- Find and track exactly what any upload or API integration has done in terms of closing
- Easily add to an existing workflow.
- Easily copy any workflow.
- Updated look and feel for pop-ups for a better user experience.
Changes to the Requester/Approver Process
- Add items to a previously submitted workflow easily.
- Copy a workflow easily to quickly perform actions that previously required a lot of manual work to recreate a previous workflow.
- Workflow approvals now done from a redesigned, easy to use Workflow page that shows workflows in a quick, understandable view.
- Workflow actions are easy for each workflow request regardless of the finding count, with no searching required.
- More information is now available while performing approve/reject/rework workflow actions.
- Removal of filters previously used for the old workflow system (State & Severity Change State) on the findings pages. Six new filters will be available.
- Workflows now have a new page to search, filter, and identify in one easy place.
- System generated IDs for workflows now available for easy tracking and filtering.
- E.g., RA#0003401, FP#0004275
- Workflow titles allow users to easily express the purpose of a workflow.
- E.g., “Java Update Patching Exception”
- New easy-to-use filters are available for various workflows properties from both the workflows and findings pages.
- E.g., “Workflow Type”, “Workflow Expiration Date”, etc.
- Creating a workflow from the findings page has a redesigned menu with far less options that is easier to use.