Below is a Resilient Mod Con that will allow Users to Mark Mandatory Tasks as Optional/Not Applicable. A follow up to the Mod Con: Enforce Completion of Mandatory Tasks for Incident Closure I posted earlier.
Background: In Resilient to date, a User only has the ability to mark an Optional Task as Mandatory through the GUI on the Task. Not the other way around. Optional Tasks are not evaluated for Phase change, but they are counted in the overall percentage Complete on the Task list. Albeit a lesser percentage value than a Mandatory Task.
Mandatory Tasks are visually indicated in the Task List by the red * before the Task Name. Optional Tasks are visually indicated with the distinction of "This task is optional" and "Mark Task Required" in a blue banner within the Task itself.
Why: As described in earlier, Tasks in Resilient have to primary uses. 1. To present detailed response actions through instructions to the User. 2. To track the work effort, outcome and completion of those actions. Tasks presented to the User as part of an overall process/Playbook can be prescriptive and or suggestive. As a process owner/playbook designer, I try my best to account for every possible scenario, variance and outlier. However, it's possible that a predetermined Task/action may not be relevant to a given situation. In this Case, I would want a User to add a Note to the Task, indicating why the Task was Not Applicable. Then marking the Task as Optional.
In this case, as a process owner, I would like to track when a Task(s) is identified Not Applicable, and at the same allow a User to progress through the Playbook, without marking the Task Complete. Tasks should only be marked Completed when the actions described within are performed.
Drawing this distinction between Tasks Open & Not Applicable and those Completed, allows me to evaluate the efficacy and applicability of Tasks within a Playbook. Performing this assessment allows me to determine if I need to either tweak the Task Instructions, change its order, or remove it altogether from the Playbook. Reducing the overall time, a User is spending on assessment and response. Making the Playbook more effective.
How: This is accomplished by adding a Menu Item/Action on the Task, allowing a User under the conditions set, to select the "Mark as Optional/Not Applicable" from the drop-down. This action does two things:
- Marks the Task as Optional, removing the * from the Task.
- Prompts the User to add a reason why they are Marking this Task as Optional/Not Applicable. This reason is then recorded on the Task as a Note, with the User's name and a Date & Timestamp.
Method: For this Mod Con, three objects are created with the following names (name them as you wish).
Task Menu Item Rule (Action) – Mark as Optional/Not Applicable
Menu Item Activity Text Area Field – Reason for Marking Optional/Not Applicable (Note: this should be created as a non Rich Text Field).
Task Script – Mark as Optional/Not Applicable
The Task Menu Item Rule displays the Action to the User in the Task drop down. Selection of this Action presents a pop-up Activity Field to the User, triggers the Rule to Run the Task Script, setting the Task to Optional, and creates a Task note with the reads in the content of the Activity Field, and creates a Task Note, with reason and the User's name and a Date & Timestamp of the Action.
Extending this Mod Con: If you are enforcing the completion of Mandatory Tasks before Incident Closure, through my previous Mod Con here: . Then you may want to restrict this ability to Mark Mandatory Tasks as Optional/Not Applicable to only specific Groups, Users or under certain scenarios such as a False Positive or when remediation is already complete. As this may provide the User a method to defeat the original intent of Task enforcement.
To add these restrictions, you can add Conditions to the Menu Item Rule, which will display this Action only when those Conditions are met. A more comprehensive method would be to add conditions within the Script itself. So that the code which sets the Task to Optional is only evaluated when a User is a Member a certain Group. Which brings me to my next Mod Con: Restrict Actions by Group Membership.
An alternative to this method to this Mod Con is the Task Utils extension found on the AppExchange as part of the IBM Resilient Task Helper Functions App. H/T to @Ryan Gordon!
Script:
task.required = 'False'
task.addNote("Task has been Marked Optional/Not Applicable by " + principal.display_name + " with the following reason: \n" + str(rule.properties.reason_for_marking_optionalnot_applicable.content))
Screenshots:
Menu Item Rule
Menu Item Text Area Field
Task Script
Task List
Mandatory Task
Reason for Marking Optional/Not Applicable
Resulting Optional Task
Resulting Task Note
------------------------------
Brenden Glynn
CISSP, GCIH
Incident Response Business Consultant
IBM Resilient
------------------------------