Summary: This page provides instructions for using the Transaction Investigation view in the Engineering Dashboard.
Accessible from the sidebar menu Top Riskiest Transactions tile, this view enables investigation of the transactions in the Application. Data is presented in a series of tables on the left and right hand side of the page enabling you to drill down from a Transaction with a high level of risk (i.e. objects) right down to the Violations themselves.or by clicking an object in the
Click to enlarge
The view functions in a very similar way to the Risk Investigation view. The default Health Measure used for this view is Robustness, but you can change this using the drop down list box in the top left corner:
The browser lists 50 Transactions per "page" sorted by the risk level (i.e. the Transaction Risk Index (TRI) value: TRI is an indicator of the riskiest transactions of the application. The TRI number reflects the cumulative risk of the transaction based on the risk in the individual objects contributing to the transaction. The TRI is calculated as a function of the rules violated, their weight/criticality, and the frequency of the violation across all objects in the path of the transaction. TRI is a powerful metric to identify, prioritize and ultimately remediate riskiest transactions and their objects.)
Selecting a transaction will display information in the right hand panel about rules violated by the rules violated by the selected transaction with regard to:
|Displays the number of Violations or Critical Violations added to the current snapshot for the currently selected item since the last snapshot.|
|Displays the number of Violations or Critical Violations removed from the current snapshot for the currently selected item since the last snapshot.|
|#Critical / #Violations|
Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed.
|Name||Name of the Rule/Distribution/Measure.|
Displays the weight of the Rule/Distribution/Measure in its parent Technical Criterion. The higher the value, the more weight the item carries.
A red dot in this column indicates that the Rule has been set as critical in the Assessment Model.
Click this icon to export the list of violations to Excel:
Violations and Rule Documentation
Clicking a Rule in the right hand section will move the right hand panel over to the left hand side, and display a new panel containing:
- a list of objects that are violating the selected Rule, listed in alphabetical order
- a section containing documentation about the selected Rule
- Please see Violation table from the Risk Investigation view for an an explanation of the column headings Plan, Object Name Location, Risk and Status.
- Note that when there are many violations to display, a "Show More" button will be available. By default, only 10 violations are displayed to improve performance. You can choose to display more using the various options (+10, +100 etc.). By default an upper maximum of 5000 violations is set when the "All" option is clicked. You can change the upper maximum if required (see the violationsCount option in Engineering Dashboard json configuration options).
Click Rule, it displays parameter details section. This section displays the parameter name, technology, and value for the selected rule.
Parameter details will be displayed for the current snapshot as well as for the previous snapshot if the rule is "parameterized. The parameter detail section also displays the data for a selected rule when no violations. The parameter section displays a message "No parameter details available" if the selected rule does not have parameter details.
Selecting an object in the Violations and Rule Documentation section will move the right hand panel over to the left hand side, and display a new panel containing the source code of the selected object:
Click to enlarge
Note that analyzed source code from the following technologies is not visible in the Engineering Dashboard:
- PowerBuilder (using CAST AIP ≤ 8.3.12)
- VisualBasic (using CAST AIP ≤ 8.3.12)
Please also note that in the current release of CAST AIP, the display of source code is limited in functionality:
- The source code is in fact a display of the entire file that contains the selected object, therefore display performance can be affected if the file is very large
- Bookmarks in the source code showing the location of the violation are not displayed, instead the entire object within the parent source code file is highlighted
- The source code does not currently show all violations for Rules that reference User Input Security elements, such as:
- OWASP security rules
- The Rule "Avoid direct or indirect remote calls inside a loop"
- Any Rule referencing copy/paste rules
Impacted objects with violations
This section lists all objects that are involved in the selected transaction and which also have rule violations:
|Name of the object involved in the selected transaction.|
Status of the object in the current snapshot (unchanged, updated, added). You can filter on this column using the drop down:
|#Critical / #Violations|
Displays the number of Violations or Critical Violations for the object involved in the currently selected transaction. This column is also used as the default sorting criteria when items are first displayed.
|Drill down to the object in the Application Investigation view.|
By selecting the filter as a critical or non-critical filter, the user can see the violation count of an object based on critical or non-critical violations.
Click this icon to export the list of objects to Excel: