Summary: This page provides instructions for managing Actions (in the Action Plan) in the Security Dashboard.

Introduction

The Security Dashboard features the ability:

  • to add and remove objects (violations) to and from an "Action Plan" - an Action Plan is simply a list of objects (i.e. "violations") that have been selected for action in the next snapshot generation process with a priority level assigned to them. Users can then use the list to focus their re-mediation work. Think of it as a "to do list" - i.e. objects that require work to remove the violation flagged by CAST.
  • to Exclude objects from a future snapshot - this can be useful when the object is violating an AIP Rule, but is irrelevant or is a false positive.
  • to add and remove Rules to and from an "Education" list to promote best practices.
  • to view detailed information about rules that have been added to the Education list in the Continuous Improvement feature.

Note that Actions are available when viewing data from a previous snapshot, however, the ability to edit Actions is only available from the most recent snapshot.

Permissions required to interact with the Action Plan

FeaturePermission required

To edit Actions - i.e. add/remove objects/violations to/from the Action Plan.

Your user login must have the QUALITY_MANAGER role.

Notes:

  • Roles can be assigned at user level (when using Default Authentication mode) or via user or group (when using Standard LDAP/SAML authentication). Please see User authentication for more information.
  • You can view the Action Plan in read-only mode if your user login has not been assigned the required role.

Accessing the feature

To access the feature, there are two methods:

From the "home" or landing page, click the default Action Plan tile.


From the Side Menu bar, click the following icon:


The focus will be set to the Actions tab when using this icon:


Action Plan

The image below shows a list of violations that have been added to the Action Plan:

Click to enlarge:

Column key

The following columns are available:

Added: Total number of objects (violations) in the Action Plan that have been added to the list since the last snapshot was generated - their status will be checked during the next snapshot generation.

Pending: Total number of objects (violations) in the Action Plan that are STILL violating a rule since the last snapshot was generated - i.e. the problem has not been fixed


Solved: Total number of objects (violations) in the Action Plan that have been corrected and are no longer violating the rule since the last snapshot was generated - i.e. the object has been remediated.

Remove any Solved violations from the Action Plan.

Use this option to open the Action Plan Recommendation feature - designed to help you automatically build an Action Plan to improve the grade/score of a chosen Health Factor (Business Criteria).

Use this option to export the contents of the Action Plan to an Excel file. See Exporting data to Microsoft Excel file format for more information.


This check box allows you to manage the object (violation). A Manage button will appear when an object is ticked:

This button allows you to:

  • Update the Comment and Priority given to an object (violation) when it was added to the Action Plan
  • Add the related violations to the Scheduled Exclusion list
  • Remove the object (violation) from the Action Plan if the issue has been resolved or you no longer need to remediate the issue

Note that:

  • the check box is only visible if your login has the QUALITY_MANAGER role
  • the Schedule Exclusions for related violations option requires the EXCLUSION_MANAGER role - without this role the option will not be available.

 

Select all option will select only the available rows in the current page.

Priority

Displays the priority given to the object (violation) when it was added to the action plan, ranging from:

  • Low
  • Moderate
  • High
  • Extreme

Data can be filtered on this status, with the addition of All Tags - i.e. all priorities:

The Priority set on each violation when it was added to the Action Plan can be modified using the check box and Manage > Update Actions button.

Note that it is possible to modify the name of this column. See Dashboard json configuration options using the tagType parameter.
Status

Displays the status of the object (violation) in the Action Plan (see the sections in the rows above which explain these statuses in full):

  • Added
  • Pending
  • Solved

Data can be filtered on this status, with the addition of All Statuses:

See the sections in the rows above which explain these statuses in full.

Comment

Displays the free text comment assigned to the object (violation) when it was added to the Action Plan. This comment can be modified using the check box and Manage > Update Actions button. Data can be filtered on the comment, with the addition of All Comments and Empty Comments:

Rule

The name of the Quality Rule for which the object (violation) has been added to the Action Plan (objects (violations) can appear multiple times in the Action Plan). Data can be filtered on the rule name, with the addition of All Rules:

Object Name Location

The name of the Object (violation) that has been added to the Action Plan for remediation can be searched using this option.

Last Update

The date the object (violation) was last updated - i.e. any of the following:

  • added to the Action Plan
  • comment edited
  • priority/tag edited

In case of Solved violations the date displayed will be last Snapshot date.

In case of Added and Pending violations the date displayed will be last Updated date.

This icon, when clicked, will take you direct to the Source Code page for the object (violation) in question.

Use this option to export the contents of the Action Plan to an Excel file. See Exporting data to Microsoft Excel file format for more information.
Note that all columns are sortable (in ascending/descending alphabetical/numerical order) by clicking the column header.

Adding violations (objects) to the Action Plan

Drill down to Violations level in any of the the QualityApplication or Transaction Investigation views. A checkbox will be visible in each object description row (highlighted in the image below in red) - if you do not see this checkbox, then your login does not have the correct role:


Place a check mark in the checkbox alongside the object that you want to add to the Action Plan - the Add button will then become visible as shown below:


Now click the Add button and select the Add the violations to the Action Plan option:

Now enter a comment (not mandatory) to annotate the violations (this comment will appear in the Action Plan) and choose a priority (Extreme, High, Moderate, Low) - mandatory - from the drop down list. Click Add to add the violations to the Action Plan:

Note that it is possible to modify the names used for the priorities and the placeholder text used in this dialog box. See Dashboard json configuration options about using the tag parameters.

The violations will then be added to the Action Plan, In this example, we have selected the Extreme priority entered a comment:

You can add multiple objects to the Action Plan in one go in two ways:

Select the violations you require - the SHIFT key will function if you need to select a range of violations

Use the heading row check box to select all the violations to the selected Quality Rule:

  • You can also add violations to the Action Plan from the (Scheduled) Exclusion List using the Add the related violations to the Action Plan option:

Removing violations (objects) from the Action Plan

If you would like to remove a violation that has already been added to the Action Plan, you can do so in two ways:

Via the Action Plan

Access the Action Plan from the side menu bar, or from the Action Plan tile on the "home" page. Select the violation or use the multi checkbox to select all violations you want to remove, then click the Manage button and select the Remove From Action list option as shown above. All selected violations will now be reset and will no longer be part of the Action Plan.

Via the Risk Investigation, Application Investigation, Transaction Investigation and Advanced Search views

In ≥ 2.10 you can remove violations from the Action Plan from the following locations:

To do so, find the violations or violations you want to remove in any of the views listed above and then select the violation (or use the multi checkbox to select all violations) you want to remove:

Then click the Manage button and select the Remove From Action list option. All selected violations will now be reset and will no longer be part of the Action Plan:

Removing Solved violations

An option to remove Solved violations is available:

A confirmation dialog box is displayed.

If there is no solved violation, the icon will be disabled.

Updating comments/priority for violations (objects) that are already present in the Action Plan

If you have added specific violations to the Action Plan with a specific priority and comment, you can alter the priority and comments directly, without having to remove the violation from the Action Plan and then re-add it. You can do this from the Action Plan itself:

Locate the violation in the Action Plan. Select the violation or use the multi checkbox to select all violations you want to update, then click the Manage button and select the Update Actions option:

A dialog box will be displayed enabling you to choose a new Priority you want to assign to the violation and edit the comment where necessary:

All selected violations will now be updated.