
Design of Alert Portal

GOAL & OVERVIEW

Goal: A workflow that enables tracking the security outcomes of cases. Cases stay open until their related escalations are closed.

Overview: Analysts put time into completing an entire investigation before choosing the closing status of a case, which may include an escalation to the client. This means the time until a client has an update on a security case may be hours or days after the alert fired.

I created a workflow that gives analysts only a certain amount of time after a case is assigned to provide an update to the client. We needed a way for analysts to deliver that update via an escalation while work on the case may still continue. Closing a case reflects that no further work will happen on it, so a case cannot close until any client escalation has closed; this keeps the actual case status reflected in a single artifact.

Acceptance Criteria

  • When an analyst is investigating a case in the product, they have two options:

    • Close without Escalation (closed status)

    • Escalate to Client (in progress status)

  • If an analyst chooses to Close without Escalation:

    • The case is closed

    • All related third-party app alerts are closed

      • Analysts will need to manually close alerts from other services in those respective systems

  • If an analyst chooses to Escalate to Client:

    • The analyst creates a Jira ticket through the platform with details to update the client

    • The case stays assigned to the analyst

    • The case moves into an "Escalated" status

  • For any case in the "Escalated" status, once work is complete the case can be closed with a status of "Closed with Escalation":

    • The case closes

    • This closes all related third-party app alerts

    • Analysts will need to manually close alerts from other services in those respective systems

    • If the case has a ticket, it cannot be "Closed without Escalation"

  • A case must be assigned to the analyst in order for them to make any of the above changes to it

  • Analysts can continue to merge new alerts into any open case, including cases that were already escalated

    • Analysts cannot merge new alerts into closed cases
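The acceptance criteria above describe a small state machine. The following is an added example, not code from the Alert Portal product, that encodes those rules: status changes require the case to be assigned to the acting analyst, a case with a ticket can only be "Closed with Escalation", and that close is only allowed once the ticket is closed. Alert sources, the "portal" marker and the ticket ids are assumptions for illustration; closing returns the alerts that must still be closed manually in their own systems.

```python
from dataclasses import dataclass, field
from enum import Enum
class Status(Enum):
    OPEN = "Open"
    ESCALATED = "Escalated"
    CLOSED_NO_ESC = "Closed without Escalation"
    CLOSED_ESC = "Closed with Escalation"

@dataclass
class Alert:
    alert_id: str
    source: str  # "portal": the portal closes it; anything else must be closed manually elsewhere
    closed: bool = False
@dataclass
class Case:
    case_id: str
    assignee: str = ""
    status: Status = Status.OPEN
    ticket_id: str = ""  # escalation ticket; ids used here are placeholders, not real Jira keys
    ticket_closed: bool = False
    alerts: list = field(default_factory=list)
    def _require_assignee(self, analyst):  # every status change needs the case assigned to the actor
        if self.assignee != analyst:
            raise PermissionError(f"{self.case_id} is not assigned to {analyst}")
    def merge_alert(self, alert):  # allowed into open and escalated cases, never into closed ones
        if self.status in (Status.CLOSED_NO_ESC, Status.CLOSED_ESC):
            raise ValueError("cannot merge alerts into a closed case")
        self.alerts.append(alert)
    def escalate(self, analyst, ticket_id):
        self._require_assignee(analyst)
        if self.status != Status.OPEN:
            raise ValueError(f"cannot escalate a case that is {self.status.value}")
        self.ticket_id, self.status = ticket_id, Status.ESCALATED  # stays assigned; work continues
    def _close(self, final):
        self.status = final
        for a in self.alerts:
            a.closed = a.closed or a.source == "portal"
        return [a.alert_id for a in self.alerts if not a.closed]  # still need manual closure elsewhere

    def close_without_escalation(self, analyst):
        self._require_assignee(analyst)
        if self.ticket_id:
            raise ValueError("case has a ticket; it must be Closed with Escalation")
        return self._close(Status.CLOSED_NO_ESC)
    def close_with_escalation(self, analyst):
        self._require_assignee(analyst)
        if self.status != Status.ESCALATED or not self.ticket_closed:
            raise ValueError("case must be Escalated and its ticket closed first")
        return self._close(Status.CLOSED_ESC)
```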

RESEARCH

We had a Teams chat set up with specific analysts who were our design partners for this project. I was able to ask questions in this chat and get answers as I was working through Alert Portal. This was helpful, as our internal team was very vocal with feedback about what was working and what was frustrating them in their daily workflow.

TESTING

To validate the design of Alert Portal, I asked 4 analysts to walk me through their daily workflow. While going through the process I asked them to talk through everything and be open with feedback. Each analyst had their own likes and dislikes, which was helpful to hear and allowed me to make notes for future updates.

I recorded the user tests, which gave the team the ability to go back and re-watch each user test if needed.

MOCKUPS

Below are a few designs of Alert Portal, including a case table, case detail view and alerts related to the cases.
