Risk Queries

This section provides orientation on managing queries in the Risk module.

Queries are search features that gather detailed information on objects in the system into one place. In the Risk module, there are five types of queries: those that consolidate results from risk analyses, those that view the results of risk analyses for requirements mapped to controls, those that view interview statistics, those that query the status of controls (also using the results of risk analyses), and, finally, those that view the status of vulnerabilities analyzed in risk projects.

In consolidated queries, you can create queries that consolidate risk indicators by control grouping, threat, threat source, asset, asset component, business component, control, knowledge base, or perimeter. For these queries, risk metrics are always calculated based on the controls, since controls are the most granular object analyzed in projects and serve as the base from which indicators for the other objects are consolidated upward (for example, control -> knowledge base -> asset component -> asset -> tactical business component -> strategic business component).

In queries to view analysis results for requirements mapped to controls, you can view risk indicators for requirements and authoritative documents that have been mapped to controls analyzed in risk projects. These can be viewed for requirements, authoritative documents, and requirements including the associated control. The statuses of controls with associated requirements can also be viewed. For details on mapping controls and requirements, see Chapter 8: Knowledge -> Control and Requirement Mappings.

In queries to interviews, you can select one or more interviews in order to view general information on them, such as the final answers provided and the number of responses to each question. In queries to interview details, more detailed information on each interview is available, such as the name of the interviewee and reviewer (if assigned), the object, the interviewee's responses and the final responses provided by the reviewer, in addition to any attachments and comments.

In queries to the general status of controls, you can check the latest information obtained from risk analyses regarding each control, including its status, PSR, the asset associated with it, the analyst who answered it, its relationship with threats and threat sources, and more.

In queries to vulnerabilities analyzed, you can view the most recent information on vulnerabilities considered in risk projects. These vulnerabilities are identified by scanners integrated with the system and are either automatically or manually mapped to assets in the organizational structure. In this query, you can view the list of vulnerabilities and the corresponding assets in which they were found, check if these vulnerabilities have been accepted or sent to treatment, and view their Risk Scores (the formula for which can be customized in the Administration module) and additional details. For details on analyzing vulnerabilities identified in technology assets through risk projects, see Chapter 5: Risk -> Risk Management Projects.

Keep in mind that the questionnaires or vulnerability analyses related to the projects selected in the scope of a risk query must be closed for there to be data displayed in the query results. For queries to interviews, the interviews and reviews (if applicable) must be completed before data can be displayed in the results.

You can filter the information that will be queried and define which columns will be displayed in the results. People and groups of people can be included in the audiences of these queries so that they can view them in the Home module and in this module, provided they have permission to access it. You can also assign people and groups as editors of a query so that they can both view it, like the audience members, and edit it with the same permissions as the author. These steps are optional, however, and the query can be generated as soon as its scope has been selected. All queries can be saved and their results can be updated so that you can monitor changes made in the projects in which the assets were analyzed.

In addition, you can create copies of the queries of which you are the author, an editor, or an audience member, and these copies can later be edited and run. This allows new queries to be created with the same settings as a previously registered one. However, in the results of the copy, you will only be able to view the data to which you have permission.

Query results can be exported to SQL tables through an integration task. This allows them to be used to generate graphs and tables to be used in reports created in Report Designer, and to create charts in the Dashboard module. For details, see Chapter 17: Administration -> Integrations -> Integration Tasks -> How to Create a Task to Export Queries to SQL Tables.

Keep in mind that only the author and editors of a query will be able to edit and delete it. If the author of a query is deleted from the system, the audience members and editors will keep their permissions to copy, view, edit, and delete it, and the name of the author will be displayed with the tag "(deleted)" in the Author column. However, if there are no audience members or editors assigned when the author is deleted, the query will no longer be available in the system, except for inclusion in integration tasks.