Workflow Rules

This topic provides an overview of creating workflow rules, which are available in the Administration module. These rules execute actions automatically when certain configurable conditions are met.

Two types of rules can be created:

- Continuous verification rules: These rules execute actions once or daily. To avoid conflicts, you can set a time for all verification rules to be executed. They can be created for events (only open events); interviews; objects that come with the installation of on-demand solutions and any custom objects registered in the Objects and Attributes section of the Administration module.

- Interaction rules: These rules execute actions when there is some form of intervention by the user (for example, if they create or edit an object). They can be created for all of the abovementioned objects, including events of any status, as well as interviews, risk and compliance projects, and policy revisions and approvals.

When creating a rule, one or more conditions must be set for its actions to be executed. You must also define whether all or only one of the conditions must be met. These conditions are structured as follows: property or attribute of object + relational operator + value. For example, Event Deadline/is equal to/3 days ahead. Depending on the relational operator selected, a value may not be needed (for example, Description/is blank).

The actions available vary from rule to rule, as detailed in the table below. The possibilities include sending an e-mail notification, executing an HTTP call, changing the property of an object, ignoring another rule, and accepting risks or non-compliances. Note that for e-mails to be sent, the message service must be configured. For details, see Chapter 17: Administration -> Settings -> Message Service.

Although there is no limit to the number of conditions or actions that can be created in a rule, each rule must contain at least one condition and one action. To avoid conflicts, rules are executed in alphabetical order of their names.

Keep in mind that the system does not verify the logic of each rule. For this reason, it is important to be careful to avoid creating contradictory or impossible rules (for example, a rule with a condition that is true when a required field is blank).
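The checks described above, written as a review step to run over a rule list before enabling it. This is an added example, not part of the product or its documentation: the rule layout, the REQUIRED set and the function names are assumptions, and sorting uses plain string comparison, which may differ from the product's alphabetical ordering.

```python
# Added example: constructed rule model, not the product's own format or API.
REQUIRED = {"Name", "Deadline"}  # assumed required fields of the object

RULES = [  # constructed sample rules: (field, operator, value) and (action, field, value)
    {"name": "B - Escalate", "match": "all",
     "conditions": [("Status", "is equal to", "Open")],
     "actions": [("Change Field Value", "Priority", "High")]},
    {"name": "A - Default priority", "match": "all",
     "conditions": [("Description", "is blank", None)],
     "actions": [("Change Field Value", "Priority", "Low")]},
    {"name": "C - Impossible", "match": "all",
     "conditions": [("Name", "is blank", None)],
     "actions": [("Notify via E-mail", None, None)]},
    {"name": "D - Contradictory", "match": "all",
     "conditions": [("Owner", "is blank", None), ("Owner", "is equal to", "alice")],
     "actions": [("Notify via E-mail", None, None)]},
    {"name": "E - Empty", "match": "one", "conditions": [], "actions": []},
]

def lint_rule(rule, required=REQUIRED):
    """Return findings for the pitfalls named above; the system checks none of them."""
    findings = []
    conds = rule["conditions"]
    if not conds or not rule["actions"]:
        findings.append("needs at least one condition and one action")
    # An "is blank" test on a required field can never be true.
    dead = [c for c in conds if c[1] == "is blank" and c[0] in required]
    blank = {f for f, op, _ in conds if op == "is blank"}
    equal = {f for f, op, _ in conds if op == "is equal to"}
    if rule["match"] == "all":
        if dead:
            findings.append("impossible: required field tested for blank")
        if blank & equal:
            findings.append("contradictory: field both blank and equal to a value")
    elif conds and len(dead) == len(conds):
        # With "only one" matching, the rule is dead only if every condition is.
        findings.append("impossible: required field tested for blank")
    return findings

def write_order(rules):
    """Fields changed by more than one rule, with rule names in execution order."""
    writers = {}
    for rule in sorted(rules, key=lambda r: r["name"]):  # alphabetical by rule name
        for action, field, _ in rule["actions"]:
            if action == "Change Field Value":
                writers.setdefault(field, []).append(rule["name"])
    return {f: names for f, names in writers.items() if len(names) > 1}
```

When two rules that change the same field both fire, the last name in the list returned by `write_order` is the one whose value remains.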

The table below illustrates the variety of rules that can be created.

| Type | Object | Execution Options | Available Actions |
|---|---|---|---|
| Continuous verification rule | Custom or default objects | Only the first time the conditions in the rule are met; Every day | Change Field Value; Execute HTTP Call; Notify via E-mail |
| Interaction rule | Interviews | When sending the interview; When sending the interview for review | Ignore Other Rule; Notify via E-mail |
| Interaction rule | Policy revision and approval | When starting the revision; When requesting the revision; When confirming the revision; When requesting approval; When confirming the approval; When finishing the revision | Notify via E-mail |
| Interaction rule | Projects - Properties | When creating a project; When editing a project; When deleting a project | Notify via E-mail |
| Interaction rule | Projects - Scope | When adding an item to the scope; When removing an item from the scope; When editing selected of an item in the scope | Notify via E-mail |
| Interaction rule | Projects - Evaluation: Compliance Projects | When the interview is finalized | |
| Interaction rule | Projects - Evaluation: Risk Projects (Controls) | When closing the analysis phase; When closing a questionnaire | |
| Interaction rule | Projects - Evaluation: Risk Projects (Vulnerabilities) | When closing the analysis phase; When closing the vulnerability analysis for the asset | Accept Automatically |
| Interaction rule | Custom or default objects | When creating or editing an object and the rule has not yet been executed; Only when creating an object; Always when creating or editing an object | Change Field Value; Execute HTTP Call; Notify via E-mail |

For details on the execution options and actions available, see Chapter 17: Administration -> Customizations -> Workflow Rules -> How to Create Conditions for a Workflow Rule and How to Create Actions for a Workflow Rule, respectively.

Note that any default values defined for the objects' attributes will be used by workflow rules. Thus, if an action changes the type of an object, for instance, the default values of the new type's attributes will be applied.

In addition, when importing objects through a spreadsheet, you can choose whether to execute any applicable interaction rules. In other words, the information in the spreadsheet may be changed by any enabled workflow rules if the option to execute them is selected.

Rules containing conditions or actions that are no longer valid are disabled and highlighted in the main list so that they can be corrected. For example, if the object for which the rule was created is deleted from the system, the rule will be automatically disabled. If an attribute used in a condition or action is deleted, the rule will also become invalid.