Workflow Metrics
Using Global Artifacts to track decisions, user actions, and decision points within a workflow.
Goal: Be able to track what decisions are made within a workflow, who makes the decision, and what the decision is. As well as being able to export the data into a usable format for reporting purposes.
In order to be able to track the actions taken within the workflow and who / what took them. I created a Global Artifact that tracked Decision, DecisionMaker, and DecisionMethod. Using this data I was able to keep record of if a decision was automated/human, where in the workflow it took place (header analysis, human decision point in ICON, slack decision point, secondary automation check). The Global Artifact allowed me to export the information into a CSV file that could then be used by Excel / PowerBI to generate reports for decision types (spam, legitimate, malicious), decision maker (SecOps user, automated), and decision point (header information, ICON platform, slack, secondary automation check). This enabled us to report on message type, decision makers (compare human vs automation) to gauge effectiveness of automation processes, and response times (decision made in ICON or after timeout to slack message).
Example Entries:
| Decision | decisionMaker | DecisionMethod |
| Spam | decisionMakerId | HumanDecision.Path |
| Legit | Slack Username | Slack.Path |
| Malicious| Automated | Header Check |
I was also playing with creating another Global Artifact that tracked when an email was received based on header information, when it was reported to ICON, when a human decision was prompted, and when the decision was made on the email to monitor overall exposure time of the email.
Example Entries:
| Received | Triggered | Decision Point Reached | Decision Time |
| 08:00 01/01/2022 | 09:15 01/01/2022 | 09:20 01/01/2022 | 09:40 01/01/2022 |