Transaction Investigation view
Accessible from the sidebar menu or by clicking an object in the Top Riskiest Transactions tile, this view enables investigation of the transactions in the Application. Data is presented in a series of tables on the left and right hand side of the page enabling you to drill down from a Transaction with a high level of risk (i.e. Violations) right down to the Violations themselves.
The view functions in a very similar way to the Risk Investigation view. The default Health Measure used for this view is Security.
The view lists 50 Transactions per "page" sorted by the risk level (i.e. the Transaction Risk Index (TRI) value: TRI is an indicator of the riskiest transactions of the application. The TRI number reflects the cumulative risk of the transaction based on the risk in the individual objects contributing to the transaction. The TRI is calculated as a function of the rules violated, their weight/criticality, and the frequency of the violation across all objects in the path of the transaction. TRI is a powerful metric to identify, prioritize and ultimately remediate riskiest transactions and their objects.)
Selecting a transaction will display information in the right hand panel about the status of each Health Measure:
Column | Explanation |
---|---|
Displays the number of Violations or Critical Violations added to the current snapshot for the currently selected item since the last snapshot. | |
Displays the number of Violations or Critical Violations removed from the current snapshot for the currently selected item since the last snapshot. | |
#Critical / #Violations | Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed. |
Health Measure | Name of the Health Measure/Business Criterion |
Selecting a Business Criteria in this table will display all of the contributing Technical Criteria in the right hand section:
Column | Explanation |
---|---|
Displays the number of Violations or Critical Violations added to the current snapshot for the currently selected item since the last snapshot. | |
Displays the number of Violations or Critical Violations removed from the current snapshot for the currently selected item since the last snapshot. | |
#Critical / #Violations | Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed. |
Technical Criterion | Name of the Technical Criterion. |
Weight | Displays the weight of the Technical Criterion in its parent Health Measure/Business Criterion. The higher the value, the more weight the item carries. |
Selecting a Technical Criteria will move the Technical Criteria to the left hand side of the page and display all of the contributing Rules, Distributions and Measures in the right hand section:
Column | Explanation |
---|---|
Displays the number of Violations or Critical Violations added to the current snapshot for the currently selected item since the last snapshot. | |
Displays the number of Violations or Critical Violations removed from the current snapshot for the currently selected item since the last snapshot. | |
#Critical / #Violations | Displays the number of Violations or Critical Violations for the currently selected item. This column is also used as the default sorting criteria when items are first displayed. |
Names | Name of the Rule/Distribution/Measure. |
Weight | Displays the weight of the Rule/Distribution/Measure in its parent Technical Criterion. The higher the value, the more weight the item carries. |
Critical Rule | A red dot in this column indicates that the Rule has been set as critical in the Assessment Model. |
Selecting a contributing Rule, Distribution or Measure will move the item to the left hand side of the page and display details about it (including the list of objects in violation and rule/distribution/measure documentation) in the right hand section:
Note that when there are many violations to display, a "Show More" button will be available:
By default, only 10 violations are displayed to improve performance. You can choose to display more using the various options (+10, +100 etc.). By default an upper maximum of 5000 violations is set when the "All" option is clicked. You can change the upper maximum if required (see the violationsCount option in Dashboard wide configuration options in json - from the CAST AIP documentation).
Header icons
The following icons will be available:
Educate | Click this icon to add the associated Rule to the Security Dashboard - Education list. |
Download | Click this icon to export the list of violations to Excel. |