Workflows: Overview

A high-level overview of the general workflow process.

RiskSense provides users with the tools to monitor remediation efforts and evaluate the progress and overall impact on the organization’s security and risk. RiskSense’s workflows allow users to track and manage their vulnerabilities, place vulnerabilities in more than one workflow, view comprehensive workflow history, and manage all workflows from one convenient location: the Workflows page.

The RiskSense platform follows specific naming conventions to identify the current workflow type and progress on particular vulnerability actions. The following diagram provides a high-level graphical representation of the workflow process.

Workflows - Infographic

As a vulnerability moves through the workflow, it reflects a different status for each step in the process. There are four workflow action types users can apply to findings:

  • False Positive: While vulnerability scanners can reliably identify flaws, misconfigurations, weaknesses, and missing patches, they are not infallible. For cases where a scanner identifies vulnerabilities that are confirmed to not be present upon manual investigation, the RiskSense platform provides an option to mark those findings as a False Positive.
  • Risk Acceptance: The risk acceptance workflow serves as an acknowledgment that after evaluating vulnerabilities, the cost to remediate these vulnerabilities is higher than the risk posed by the vulnerabilities. For cases where an organization accepts risk from vulnerabilities, the RiskSense platform provides an option to mark those findings as a Risk Acceptance.
  • Remediation: The remediation workflow serves as an acknowledgment that vulnerabilities have been either fixed or removed. For cases where an organization remediates vulnerabilities, the RiskSense platform provides an option to mark those findings as a Remediation.
  • The Severity Update workflow updates the severity level of findings due to increased/decreased risk within a specific environment.

The RiskSense Update Remediation by Assessment function will not impact the status of findings marked as Closed via the approval of False Positive or Risk Acceptance workflows. Once an Acceptance or False Positive workflow is approved, each of its constituent findings will remain in the Closed status until the workflow’s expiration date passes, no matter how often Update Remediation by Assessment is run against subsequent Assessments that contain evidence of those scanner findings. By contrast, findings closed via approval of a Remediation workflow will be moved back to a status of Open if the vulnerabilities appear in a later assessment upon the following invocation of Update Remediation by Assessment.