Rootshell Platform – Patch Notes November 2024

November 2024

Application Features

New Features

Asset Unmerging/Reassignment

Summary: We are pleased to introduce a new feature that allows users to manually unmerge or reassign assets directly within the platform. This enhancement empowers users to manage assets more flexibly by modifying how asset data is aggregated based on the platform’s existing merge settings.

Key Enhancements:

  • Manual Asset Unmerging: Users can now unmerge assets themselves. The option is accessible via the individual assets page, Technical Details and IP Address entries, where users can select assets to “Unmerge” according to their needs.
  • Asset Reassignment: Once unmerged, assets appear in the Ungrouped assets tab on the main assets page, where they can be reassigned.

User Story: In our platform, assets are typically merged based on user-defined settings to ensure that recurring assets from subsequent tests or scans are combined into a single asset entry. Users can now access a drop-down menu for each asset to select the unmerging option. A warning will inform users that this action applies only to assets that do not comply with the current merge rules. Upon confirmation, the platform will queue and process the job, notifying the user once complete.

Acceptance Criteria:

  • Asset Unmerge: Users should be able to select the unmerge option for assets, with the platform processing this request in the background. A notification or toast message will confirm that the unmerge job is queued and will inform the user upon completion.

Enhancing Asset Management Flexibility: This new feature provides users with the tools necessary to adjust how asset data is compiled and displayed, reflecting the dynamic nature of asset management. By enabling manual asset unmerging and reassignment, we enhance the platform’s usability and ensure that users can tailor the asset management process to better fit their operational needs.

Platform Improvements

Uniform Date-Based Accept Risk Options

Summary: We are standardising the availability of date-based ‘Accept Risk’ options across all relevant parts of the platform. This update addresses the current inconsistency where date-based risk acceptance settings are available at the issue level within a phase but not in the main Issues view or when accepting risk for an affected instance.

Key Enhancements:

  • Consistent Risk Acceptance Options: The ‘Accept Risk’ modal, including date-based settings, will now be consistently available wherever risk status changes can be applied, whether at the issue level, in the main Issues view, or for an affected instance.
  • Enhanced User Experience: By standardising the interface and options available for accepting risk, users will benefit from a more predictable and streamlined process across the platform.

Affected Platform Area: This improvement impacts the main Issues view, phase issue management, and the modals used for changing the status and accepting risk across the platform.

User Story: As a user managing risk acceptance across various phases and projects within the platform, I need the ability to set date-based options for accepting risk consistently across all platform areas. This ensures that risk management is handled uniformly and effectively without the need to navigate different interfaces or options depending on where I am in the platform.

Acceptance Criteria:

  • The ‘Change Status’ and ‘Accept Risk’ modals across the platform must offer consistent date-based risk acceptance options.
  • Users should experience no variability in how risk is accepted across different views or instances within the platform.

Streamlining Risk Management Processes: This improvement is aimed at enhancing the functionality and user-friendliness of risk management within the platform. By ensuring that date-based accept risk options are uniformly available throughout the platform, we simplify the user experience and support comprehensive, consistent risk management practices.

Optimized SLA Management and Storage

Summary: To enhance platform performance and streamline the handling of Service Level Agreements (SLAs), we have updated the platform to store SLA deadlines directly in the database instead of generating them on demand. This change addresses performance bottlenecks previously experienced during bulk operations and one issue or asset queries, where SLAs were generated dynamically.

Key Enhancements:

  • Database-stored SLA Deadlines: SLA deadlines for issues are now pre-calculated based on existing logic and stored in the database at the time of issue publication.
  • Optimized SLA Handling for MVS Issues: For Vulnerability Scanning (MVS) issues, SLAs are determined based on the oldest parent to ensure consistency and historical accuracy.
  • Dynamic SLA Regeneration: When an issue is recast with a new risk rating, the SLA is automatically regenerated to reflect the updated conditions. Additionally, comprehensive logic is implemented to regenerate SLAs for all issues within a table when company or project-specific SLA settings are enabled or modified.
  • Improved Query Performance: By retrieving stored SLA values instead of generating them on the fly, queries in Asset Meta, One Issue User, Compliance, and Project Stats are significantly faster and more efficient.

Affected Platform Area: This improvement impacts several areas including Issues, Asset Meta, One Issue User Generation, Compliance Dashboard, and Project Stats.

User Story: As a user managing compliance and project oversight, I require quick and reliable access to SLA data across various reports and dashboards. Previously, the dynamic generation of SLAs could slow down my workflow, especially when dealing with large datasets. With the new system, I can expect faster load times and more responsive interactions with the platform.

Acceptance Criteria:

  • Child issues should inherit the correct SLA dates from their parents and trigger SLA regeneration when overarching SLA parameters are changed.
  • All system areas that utilize SLA data must seamlessly pull this information from the database, ensuring accuracy and efficiency in reporting and compliance checks.

Enhancing Efficiency and Data Integrity: This upgrade not only improves the responsiveness of the platform but also ensures that SLA data is handled more efficiently, maintaining integrity across the system. By storing SLA information in the database, we minimize computational overhead and enhance the overall user experience, especially in compliance-driven environments.

Operational Features

New Features

Configurable Columns for Tenant Overview Dashboards

Summary: To enhance the customization and relevance of dashboard views across different user roles, we are introducing the ability to configure columns at the tenant overview level. This improvement allows users to tailor the information displayed on various dashboards according to their specific needs and preferences, improving usability and efficiency.

Key Enhancements:

  • Customizable Dashboard Views: Users can now adjust the columns displayed on several key dashboards at the tenant overview level, including State of Play, QA Reports, Tenant Overview, Current Tests, and Previous Tests.

  • Role-Specific Configurations: Whether a user is a Project Manager, Penetration Tester, or part of the Sales team, they can configure dashboard views to better suit their role-specific requirements.

  • Persistent User Settings: Configurations are saved within the database, ensuring that each user’s custom settings are preserved and consistently presented every time they log in.

User Story: As a user, I need the flexibility to configure dashboard columns to align with my role and daily responsibilities. This capability will allow me to see the most relevant data without navigating through unnecessary information, enhancing my productivity and effectiveness.

Acceptance Criteria:

  • Users should be able to easily configure the columns on specified dashboards within the tenant overview.

  • The platform must save these configurations to the database, allowing for a personalized and consistent experience across sessions.

  • Configurable columns should be available for the State of Play, QA Reports, Tenant Overview, Current Tests, and Previous Tests (Pen Testers) dashboards.

Enhancing Customization and Relevance: This improvement is designed to empower users by providing them with tools to customize their workspace according to their specific needs. By enabling configurable columns across various dashboards, we enhance the user experience, making the platform more adaptable and aligned with individual preferences and job functions.

Platform Improvements

Enhanced Detail in License Expiration Notifications

Summary: We have updated the email notifications for impending client enterprise license expirations to include more specific details, such as the client’s name. This enhancement aims to streamline the notification process and reduce the need for unnecessary logins and checks for security providers.

Key Enhancements:

  • Detailed Notifications: The email titled “A Client’s Enterprise License is Coming to an End” will now include the client’s name. This change ensures that recipients can immediately identify which client’s license is expiring without needing to access the platform.

  • Efficient Communication: By providing more details in the notification emails, we minimize the workload on security providers, allowing them to focus on renewal outreach more efficiently.

Affected Platform Area: This update affects the notification system, specifically the emails sent to the nominated email list regarding client license expirations.

User Impact: Previously, security provider members received generic notifications about client license expirations, requiring them to log into the platform to identify the affected client. This process was inefficient, prompting a need for a more streamlined approach.

Acceptance Criteria:

  • Notification emails about client license expirations must include specific client names and any relevant details to identify the account quickly.

  • Recipients should be able to understand from the email itself which client’s license is nearing expiration, reducing the necessity for multiple team members to access the platform for this information.

Enhancing Operational Efficiency: This improvement is part of our commitment to enhancing operational efficiency and user experience. By refining how expiration notifications are communicated, we help our security providers manage renewals more effectively, ensuring they have the information needed at their fingertips. This update is a direct response to user feedback and illustrates our dedication to continuous platform improvement.

 

Enhanced Navigation for Tagged Comments

Summary: We have updated the navigation functionality for notifications regarding tagged comments to address the challenge of locating specific comments tagged within the QA modal. The enhancement simplifies the process by directly linking the notification to the QA modal of the relevant phase, where the tagged comment is displayed.

Key Enhancements:

  • Direct Access to Tagged Comments: The ‘Learn More’ link in notifications now directly opens the QA modal on the specific phase that includes the tagged comment. This update eliminates the need to manually search through various sections or comments.

  • Streamlined User Experience: By providing a direct link to the QA modal, users can quickly and efficiently locate and respond to tagged comments, enhancing workflow and communication within the platform.

Affected Platform Area: This improvement impacts the Notification Centre and the way notifications are handled for comments tagged within the QA modal.

User Story: Previously, when notified of being tagged in a comment, locating the exact comment was cumbersome, especially if it was within the QA tree. Now, with the updated link, clicking ‘Learn More’ in the notification immediately brings up the QA modal for the relevant phase, showing me the comment I need to see.

Acceptance Criteria:

  • Notifications for tagged comments must include a link that, when clicked, opens the QA modal directly to display the comment.

  • The link should ensure users are taken precisely to the comment’s location, reducing navigation time and enhancing the platform’s usability.

Enhancing Comment Accessibility and Efficiency: This targeted update to the navigation of tagged comments within notifications ensures that users can access relevant discussions quickly and without hassle. By streamlining the process of locating tagged comments, we improve the overall effectiveness of the platform’s communication and collaboration features.

Numerous Bug Fixes for Improved Performance and Accuracy

Summary: We have implemented a series of bug fixes aimed at enhancing the overall performance and accuracy of our platform. These updates resolve various issues to ensure a smoother and more reliable user experience.

Details:

  • Enhancements across major system components including asset management, user interface, and reporting features.

  • Users can expect increased stability and faster performance.