Summary: This page provides instructions for managing the Education list in the Security Dashboard.
The Security Dashboard features the ability to add rules to an "Education list" to highlight specific issues that may not be corrected, but require tracking, monitoring. In essence the Education list:
- enables an Architect or Technical Lead to identify the main issues in an Application and add related rules to the list to "educate" his team
- the violations associated with the rule in the list may not necessarily be corrected because they may be too costly, however, the Architect or Technical Lead can use the list to explain to his development team the issues that exist (i.e. the violations can be shown) and how to avoid the issues in the future (i.e. by highlighting the associated rule documentation)
- Rules in the Education list can be configured so that all NEW violations to the rule are automatically added to the Security Dashboard - Action Plan when the next snapshot is generated.
- links to the Education list can be sent to development team members directly to "share and promote" best practices or how to adhere to specific rules.
Note that items in the Education list are not available when viewing data from a previous snapshot.
Permissions required to manage the Education list
To manage the Education list - i.e. add/remove rules.
Your user login must have the QUALITY_AUTOMATION_MANAGER role.
- Roles can be assigned at user level (when using Default Authentication mode) or via user or group (when using Standard LDAP/SAML authentication). Please see User authentication for more information.
- You can view items in the Education list in read-only mode if your user login has not been assigned the required role.
Accessing the feature
To access the feature:
|From the Side Menu bar, click the following icon:|
The focus will be set to the Education tab when using this icon:
The image below shows a list of rules that have been added to the Education list:
Click to enlarge:
This check box allows you to manage the rule. A Manage button will appear when a rule is ticked:
This Manage button allows you to:
Note that the check box is only visible if your login has the QUALITY_AUTOMATION_MANAGER role
|Rule||The name of the rule which has been added to the Education list.|
Displays the priority given to the rule when it was added to the Education list, ranging from:
This priority can be modified using the check box and Manage button.
|Comment||Displays the free text comment assigned to the rule when it was added to the Education list. This comment can be modified using the check box and Manage button.|
|Active||Indicates whether (Yes or No) the violations associated to the rule will be "active" (i.e. added to the Action Plan) when the next snapshot is generated. This can be modified using the check box and Manage button.|
The date the rule was last updated - i.e. any of the following:
Share and Promote the rule - i.e. compose a new email in the default email client on the current machine containing a direct link to the Education list.
This icon, when clicked, will take you direct to the associated rule documentation in the Risk Investigation view.
Adding rules to the Education list
- Drill down to Violations level in any of the Risk, Application or Transaction Investigation views
- There are two ways to add rules to the Education list:
Using the checkbox
A checkbox will be visible in each violation description row (highlighted in the image below in red) - if you do not see this checkbox, then your login does not have the correct role, or the rule has already been added to the Education list:
Place a check mark in the checkbox alongside the violation - the Add button will then become visible as shown below:
Now click the Add button and select the Educate on the related rule option:
Using the Education icon
An icon will be visible above and to the right of the list of violations. If this checkbox is disabled (greyed out),then your login does not have the correct role, or the rule has already been added to the Education list:
Click to enlarge
In both cases a dialog will now be displayed:
|Comment for future violations||Add a free text comment - this will be displayed in the Education list - you can use this to explain the reason why it has been added to the list.|
|Select a tag for future violations|
Choose a priority for the rule ranging from:
|Mark for ...|
Removing rules from the Education list
If you would like to remove a rule that has already been added to the Education list, access the Education list from the side menu bar and select the rule or use the multi checkbox to select all rules you want to remove:
Then click the Manage button (as shown above) and select the Remove From Education option. You will then be prompted to confirm your choice:
The selected rule will be removed from the Education list and will be available for re-selection in the future.
Share and Promote
The Education list provides an option to create an email in the default email client on the local machine - this email will contain a direct link to the Education list. The goal is primarily "education", i.e. to highlight and educate team members about specific rules or best practices:
Locate the rule in the Education list, select the rule or use the multi checkbox to select all rules and then click the Manage button and select the Update Scheduled Education option:
A new email will open in your default email client containing text and a link to the Education list.
Note that it is possible to change the text that is placed in the new email. Please see CAST Dashboard Package - Education - change Share and Promote email text for more information.
Updating rules that are already present in the Education list
If you have added specific rules to the Education list you can alter the comments/tag/action options directly, without having to remove the rule from the list and then re-add it:
Locate the rule in the Education list, select the rule or use the multi checkbox to select all rules you want to update and then click the Manage button and select the Update Scheduled Education option:
A dialog box will be displayed enabling you to make changes where necessary:
All selected rules will now be updated.
Identifying rules that have been added to the Education list
Rules that have been added to the Education list can be identified with an "academic cap":