Scheduled Report for Vulnerability Management
Introduction
Exporting vulnerability data is a key functionality for the security personas in ACS, but the current approach doesn't meet user needs. Users often face inconsistent CSV exports, with discrepancies in the data structure and its alignment with the UI. Additionally, PDF exports are essentially snapshots of the UI, offering little value for security professionals who need actionable insights. Simply exporting a screen print doesn’t surface the meaningful security findings these users rely on to make informed decisions. Traditional methods of vulnerability reporting often involve static, inflexible PDF reports that provide limited insight into the underlying details of vulnerabilities which are difficult to access, analyze, and share.
To tackle these challenges, we have revamped the Vulnerability Reporting workflows by rethinking how vulnerability data can be exported based on various use cases. This solution enables users to easily schedule, generate, and access customized reports, offering the clarity and flexibility required to make informed decisions with ease.
Challenges
The Vulnerability reports have been confined to static, inflexible PDF files that introduced the challenges below:
- Limited Customization: Rigid export formats hindered your ability to tailor reports to users' specific needs.
- Inconsistent Data: Errors and inconsistencies in CSV exports compromised the reliability of users' analysis.
- Misaligned Expectations: The gap between CSV data and UI representations led to confusion and frustration.
Approach and Process
We've taken a comprehensive approach to address these challenges and deliver a solution that meets users' expectations:
Core Workflows:
- Create a Report: [view prototype]
- Design and configure reports with precision.
- Select the specific vulnerabilities, severity levels, and timeframes you want to include.
- Schedule a Report: [view prototype]
- Set up automated report generation and delivery.
- Specify the frequency (daily, weekly, monthly) and delivery time.
- Choose the desired recipients for timely notifications.
- Edit a Report: [view prototype]
- Modify existing reports to adapt to changing requirements.
- Update filters of Vulnerability scope as needed.
- Ensure that your reports always reflect the latest information.
- Download a Report: [view prototype]
- Access reports in ad-hoc for easy analysis and sharing.
- Manage Reports: [view prototype]
- Organize and track reports for efficient access and reference.
- View a comprehensive overview of scheduled and past reports.
- Track the progress of scheduled reports.
- Easily search and filter reports based on specified report names.
- Clone, delete, and ad-hoc download a report.
Conclusion
These new workflows directly address the pain points associated with traditional printed screen vulnerability reporting. By providing a flexible, customizable, and efficient platform, we empower users to:
- Gain Deeper Insights: Uncover critical vulnerabilities and prioritize remediation efforts.
- Improve Decision-Making: Make informed decisions based on actionable data.
- Enhance Collaboration: Share insights and collaborate effectively across teams.
This solution represents a significant step forward in vulnerability management, providing a foundation for future enhancements and customization.
UX Analysis
While we've strived to deliver a user-friendly experience, certain design elements were not fully implemented due to the following constraints:
- Time Constraints: The MVP focused on core functionalities and took an incremental approach. This may have resulted in some use cases not being fully addressed. However, we are committed to building upon this solution to meet the evolving needs of our users.
- Resource Limitations: Allocated resources may have limited the scope of UX implementation.
- Technical Challenges: Certain UX features may have required significant technical effort or complex integrations.