Organizational Queries

This section provides orientation on managing queries through the Organization module.

Queries are search mechanisms that gather detailed information on system objects in one place. The Organization module offers three types of query: queries that display information on the organizational structure (perimeters, assets, asset components, and business components, together with the properties and attributes of each); queries that show interview statistics from organizational projects; and queries that show the results of risk analyses. Risk analysis queries are further divided into four subtypes: consolidated risk analysis results, analysis results for requirements mapped to controls, the status of controls (also based on risk analysis results), and the status of vulnerabilities analyzed in risk projects.

Consolidated queries group risk indicators by grouping, threat, threat source, asset, asset component, business component, control, knowledge base, or perimeter. In these queries, risk metrics are always calculated from the controls, since controls are the most granular objects analyzed in projects; the indicators for every other object are consolidated from them (for example, control -> knowledge base -> asset component -> asset -> tactical business component -> strategic business component).
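The roll-up described above, as an added illustration that is not part of this manual and not the product's own code. The manual does not state how control-level indicators are combined, so the aggregation rule (worst case as the maximum, plus the mean), the 0..100 score range, the object names and the sample results are all assumptions chosen for the example. It also skips results whose questionnaire is not yet closed, mirroring the closed-analysis requirement noted later in this section.

```python
"""Added example (not from the manual or the product): consolidating
control-level risk indicators up the object chain the section describes.

Assumptions (not stated by the manual): the control-level indicator is a
0..100 score, the roll-up reports the worst case (max) and the average (mean),
and results from questionnaires that are not yet closed are skipped.
"""
from dataclasses import dataclass
from statistics import mean

# Consolidation levels, most granular first (the chain given in the text).
CHAIN = (
    "control",
    "knowledge_base",
    "asset_component",
    "asset",
    "tactical_business_component",
    "strategic_business_component",
)


@dataclass(frozen=True)
class ControlResult:
    """One analyzed control and the objects it belongs to (assumed shape)."""
    control: str
    knowledge_base: str
    asset_component: str
    asset: str
    tactical_business_component: str
    strategic_business_component: str
    risk: float          # assumed 0..100 control-level risk indicator
    closed: bool = True  # questionnaire closed, so the result is reportable


def consolidate(results, level):
    """Group closed control results by one level of CHAIN and roll them up.

    Returns {object name: {"controls": n, "max": worst risk, "mean": average}}.
    """
    if level not in CHAIN:
        raise ValueError(f"unknown consolidation level: {level!r}")
    groups = {}
    for r in results:
        if not r.closed:  # open analyses never reach query results
            continue
        groups.setdefault(getattr(r, level), []).append(r.risk)
    return {
        name: {"controls": len(v), "max": max(v), "mean": round(float(mean(v)), 1)}
        for name, v in sorted(groups.items())
    }


def consolidate_all(results):
    """Roll the same control results up every level of the chain at once."""
    return {level: consolidate(results, level) for level in CHAIN}


# Constructed sample data for illustration only (not real analysis results).
SAMPLE = [
    ControlResult("CTL-001", "ISO 27001", "web-srv-01 OS", "web-srv-01", "Online Store", "Retail", 80.0),
    ControlResult("CTL-002", "ISO 27001", "web-srv-01 OS", "web-srv-01", "Online Store", "Retail", 40.0),
    ControlResult("CTL-003", "PCI DSS", "web-srv-01 App", "web-srv-01", "Online Store", "Retail", 60.0),
    ControlResult("CTL-004", "PCI DSS", "db-srv-01 DBMS", "db-srv-01", "Payments", "Retail", 90.0),
    ControlResult("CTL-005", "CIS Benchmarks", "hr-app-01 App", "hr-app-01", "Payroll", "Corporate", 20.0),
    # Questionnaire still open: must not influence any consolidated figure.
    ControlResult("CTL-006", "PCI DSS", "web-srv-01 App", "web-srv-01", "Online Store", "Retail", 100.0, closed=False),
]

if __name__ == "__main__":
    for level, summary in consolidate_all(SAMPLE).items():
        print(level)
        for name, figures in summary.items():
            print(f"  {name}: {figures}")
```

Running the block prints one summary per level; note that the open CTL-006 result never changes the figures for web-srv-01, Online Store or Retail, which is the behaviour the closed-analysis rule implies.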

In queries to view analysis results for requirements mapped to controls, you can view risk indicators for requirements and authoritative documents related to controls analyzed in risk projects. These can be viewed for requirements, for authoritative documents, for requirements including the associated control, as well as for the status of controls with the associated requirements. For details on mapping controls and requirements, see Chapter 8: Knowledge -> Control and Requirement Mappings.

In interview queries for organizational projects, you can select one or more interviews to view general information on them, such as the final answers given and the number of responses to each question. Interview detail queries provide more detailed information on each interview, such as the names of the interviewee and reviewer (if one is assigned), the object, the interviewee's responses and the final responses given by the reviewer, as well as any attachments and comments. An interview, and its review where applicable, must be completed before its data appears in the results.

In general control status queries, you can check the latest information obtained from risk analyses on the controls, including their status, PSR (Probability, Severity, and Relevance), the associated asset, the analyst who answered the control, their relationship with threats and threat sources, and more.

In analyzed vulnerability queries, you can view the most recent information on vulnerabilities analyzed in risk projects. These vulnerabilities are identified by scanners and automatically mapped to assets in the organizational structure. In this query, you can view the list of vulnerabilities and the corresponding assets where they were found, check whether each vulnerability has been accepted or sent for treatment, and view its Risk Score and additional information. For details on analyzing vulnerabilities identified in technology assets through risk projects, see Chapter 5: Risk -> Risk Management Projects.

Keep in mind that, for risk analysis queries, the questionnaires and vulnerability analyses related to the assets and perimeters selected in the query scope must be closed before their data is displayed in the results.

You can filter the information to be queried and define which columns are displayed in the query results. People and groups of people can be included in the audience of a query so that they can view it in the Home module and in this module, provided they have permission to access it. You can also assign people and groups as editors of a query so that they can both view it, like the audience members, and edit it with the same permissions as the author. These steps are optional, however, and the query can be generated as soon as its scope has been selected.

In addition, you can create copies of the queries of which you are author, editor, or an audience member, which can later be edited and run. This allows you to create a new query with the same settings as a previously registered one. However, in the results of the copied query, you will only be able to view information to which you have access.

The results of queries can be exported to SQL tables through an integration task, allowing them to be used to generate graphs and tables in reports created in Report Designer, as well as to create charts in the Dashboard module. For details, see Chapter 17: Administration -> Integrations -> Integration Tasks -> Creating a Task to Export Queries to SQL Tables.

All queries can be saved and their results can be updated so that you can monitor changes made in organizational objects and any projects in which they were analyzed.

Keep in mind that only the author and editors of a query will be able to edit and delete it. If the author of a query is deleted from the system, the audience members will keep their permission to view the query, the editors will keep their permissions to copy, view, edit, and delete it, and the name of the author will be displayed with the tag "(deleted)" in the Author column. However, if there are no audience members or editors assigned when the author is deleted, the query will no longer be available in the system, except for inclusion in integration tasks.