Enhancing the functionality of tables
Enso is the first Application Security Posture Management (ASPM) solution that helps security teams everywhere eliminate their AppSec chaos with application discovery, classification, and management.
Enso easily deploys into enterprise environments to create an actionable, unified inventory of all application assets, their owners, security posture, and associated risks.
The Platform
My Role
-
Research
-
Sketches
-
UX
-
UI
The Team
-
Product Team
-
R&D Team
Tools
-
Figma
Years
2023
The Problem
Customer feedback highlighted significant gaps in capabilities for managing data in tables. It became apparent that essential self-service features were notably lacking.
The Solution
Efforts were directed towards enhancing the tables with more user-friendly features and self-service-oriented solutions.
The table within the system holds a main role, which serves as the focal point where all information is consolidated, to provide a comprehensive overview of the pertinent situation. Its primary objective is to automate and orchestrate workflows seamlessly across your security and developer teams, eliminate guesswork, and foster efficiency at the speed of development.
The primary goal in refining tables is to incorporate new features that enhance usability and provide additional value for users.
In the platform, there are two tables:
Asset Inventory
Enso's inventory solves the visibility challenge by organizing your entire asset portfolio in the most meaningful way.
This table enables users to explore application inventory by presenting all discovered assets and their relationships.
Users can leverage filters to focus solely on relevant assets. The asset inventory view exhibits the customer's application inventory through a 'table of trees' structure. Each row in the table can be expanded to reveal child rows underneath.
Each asset in Enso contains different types of data. This information allows a full understanding of the reasoning behind the asset's associated risk.
The asset information is divided into a few tabs: Summary, Score, Defects, Tasks, and Attributes.
The Summary tab is a concentrated view of the asset properties
Defects
Defects represent vulnerabilities detected by various scanners or user input. The defects page is the centralized place to view all the existing defects
The defects page allows to search and filter all the existing defects in Enso.
This page is commonly used for triaging defects according to their risk, severity, and source (security control)
Click the defect's title to drill down into the defect's full description.
Jira
Many customers extensively utilize Jira tickets in their workflow. Addressing this important aspect, was a significant focus.
The enhancements are structured into three key components:
-
Integration with Jira
Streamlining the integration process to ensure seamless collaboration with Jira, enhancing overall workflow efficiency. As the AppSec / R&D team uses ticketing systems to manage their work, it's important to move defects to the R&D's to-do list. Click on "+" to generate those tickets based on your defects.
-
Create a new Jira ticket - a new Jira ticket will be automatically created according to the defect's details. In case there are other required fields, a new tab will be opened, allowing to add the required info
-
Create and edit Jira ticket - this allows to edit the Jira ticket before submitting it
-
Attach a Jira ticket - attach a defect to an existing Jira ticket
-
Add ticket URL - used when the tickets are not managed in Jira, but on another ticketing system
.png)
-
Multiplying Jira Tickets
The opening of multiple Jira tickets on defects allows users to connect various tasks to the same defect. This functionality proves particularly useful for the work processes of AppSec personnel, providing flexibility and efficiency in managing security tasks.
-
Creating Jira Tickets on Asset
Enabling the manual or rule-based opening of Jira tickets on defects is a widely used feature. Given that one of the primary objectives of an AppSec team is to prioritize security tasks and seamlessly pass them to the development team, this feature plays a pivotal role in streamlining and prioritizing security workflows.
Filters
The advanced filtering functionality empowers users to refine the application inventory based on various metrics, asset types, and advanced filters. This ensures showcasing only the matched items while concealing any irrelevant information.
In line with best practices outlined in the article 'Best Practices When Designing Filters for SaaS Products'. I introduced Quick Filters for enhanced and efficient access to information. These filters are meticulously crafted to optimize data presentation by applying an initial filter tailored to the user's specific needs.
The default display of Quick Filters aligns with the prioritization of critical information, providing users with immediate insights. Customization is seamlessly integrated, enabling users to tailor preferences effortlessly, in line to swiftly convey on-screen content without additional clicks.
To ensure the effectiveness of Quick Filters, I carefully considered key aspects:
-
Positioning relative to advanced filters: determining whether to place them side by side or as distinct buttons.
-
Employing existing components, such as button groups, from other areas.
-
Naming conventions: deciding between using the term 'value' or displaying the name in the quick filter field for clarity.
.png)
By introducing Quick Filters, I have enhanced the effectiveness of top actions.
This involved modifying hierarchies and implementing minor adjustments to the UI for a more refined experience.
Note
We are constantly striving to enhance our platform, making it more versatile, self-service-oriented, and adaptable to meet a broader range of customer requirements. Introducing the 'Note' column is one such feature.
This empowers users to add free-text notes to their asset rows, providing a flexible and personalized way to capture relevant information.
