Upcoming Feature - Workflow Enhancements

High-level overview of the upcoming workflow enhancements in RiskSense. Updated 8/20/2020.

Overview

The upcoming workflow enhancements expand RiskSense’s workflow usability to reflect current usage and desired capabilities from customer interviews and feature requests. This project updates the four workflow types: Severity Change, False Positive, Remediation and Risk Acceptance.

Workflow Enhancement Goals

  • Roll out a new card view design with several updates and improvements.
  • Enhance the feature using customer-sourced use cases, pain points, and challenges.
  • Continue to build on market-differentiating features that RiskSense users have come to rely on.
  • Adjust the menus to accommodate this new view and align things from feedback in easier-to-find locations.
  • Provide an easier-to-use and more functional feature.

Sample Customer Use Cases and Pain Points

  • I need the ability to see what is about to expire so I can properly prepare for them.
  • I really want the ability to easily find items that have expired in the platform.
  • Can I have the ability to see the impact of a risk acceptance request in terms of assets, findings, and/or RCE/PE?
  • How can RiskSense make it easy to ensure that performing an operation on 7,000 findings is something that can be approved/rejected/reworked together by the appropriate person and tracked easily?
  • As a heavy user of your workflow system, I find it difficult to manage the approval and rejection of items since they are not grouped based on the request.
  • Once I receive an email about an expiration and I login to the platform, I have no way to search for those expired items.
  • It is critical to my organization that I quickly and easily understand what each data ingestion (upload/connector) that manipulates findings (reworks/remediates) has done regarding my vulnerabilities for review in my Monday morning Ops meeting.
  • When I am rejecting/reworking a workflow, I really need to see the information from the request so that I can easily input the correct reason for my action.

New Workflow Features

Requester

  • Name workflows for easier understanding and identification of workflows.
  • View all workflow history, even after they expire or are rejected.

Approver

  • Perform bulk workflow actions that are quick and easy for the approver to evaluate and approve together.
  • Easily approve workflows from various users with little to no extra work involved to find and identify them.
  • Have more information available when performing approve/reject/rework actions on workflows.

Both

  • Allow multiple workflows to be associated with a finding.
  • New workflows page allows for easy consumption of the actions all users are taking on your vulnerability data.
  • Easily find upcoming workflow expirations.
  • Easily find expired workflows.
  • Easily referenceable, system-generated workflow identifiers aid external system references such as documentation, emails, text messages, exports, and metric reporting.
  • See the impact of a workflow in terms of assets and findings.
  • Easily identify workflows upon receipt of expiration email.
  • Find and track exactly what any upload or API integration has done in terms of reworking (opening) findings.
  • Find and track exactly what any upload or API integration has done in terms of closing
  • Easily add to an existing workflow.
  • Easily copy any workflow.
  • Updated look and feel for pop-ups for a better user experience.

Changes to the Requester/Approver Process

Requester

  • Add items to a previously submitted workflow easily.
  • Copy a workflow easily to quickly perform actions that previously required a lot of manual work to recreate a previous workflow.

Approver

  • Workflow approvals now done from a redesigned, easy to use Workflow page that shows workflows in a quick, understandable view.
  • Workflow actions are easy for each workflow request regardless of the finding count, with no searching required.
  • More information is now available while performing approve/reject/rework workflow actions.

Both

  • Removal of filters previously used for the old workflow system (State & Severity Change State) on the findings pages. Six new filters will be available.
  • Workflows now have a new page to search, filter, and identify in one easy place.
  • System generated IDs for workflows now available for easy tracking and filtering.
    • E.g., RA#0003401, FP#0004275
  • Workflow titles allow users to easily express the purpose of a workflow.
    • E.g., “Java Update Patching Exception”
  • New easy-to-use filters are available for various workflows properties from both the workflows and findings pages.
    • E.g., “Workflow Type”, “Workflow Expiration Date”, etc.
  • Creating a workflow from the findings page has a redesigned menu with far less options that is easier to use.