How to capture user information metrics for a workflow

Workflow Metrics

Using Global Artifacts to track decisions, user actions, and decision points within a workflow.

Goal: Be able to track what decisions are made within a workflow, who makes the decision, and what the decision is. As well as being able to export the data into a usable format for reporting purposes.

In order to be able to track the actions taken within the workflow and who / what took them. I created a Global Artifact that tracked Decision, DecisionMaker, and DecisionMethod. Using this data I was able to keep record of if a decision was automated/human, where in the workflow it took place (header analysis, human decision point in ICON, slack decision point, secondary automation check). The Global Artifact allowed me to export the information into a CSV file that could then be used by Excel / PowerBI to generate reports for decision types (spam, legitimate, malicious), decision maker (SecOps user, automated), and decision point (header information, ICON platform, slack, secondary automation check). This enabled us to report on message type, decision makers (compare human vs automation) to gauge effectiveness of automation processes, and response times (decision made in ICON or after timeout to slack message).

Example Entries:

| Decision | decisionMaker | DecisionMethod |

| Spam | decisionMakerId | HumanDecision.Path |

| Legit | Slack Username | Slack.Path |

| Malicious| Automated | Header Check |

I was also playing with creating another Global Artifact that tracked when an email was received based on header information, when it was reported to ICON, when a human decision was prompted, and when the decision was made on the email to monitor overall exposure time of the email.

Example Entries:

| Received | Triggered | Decision Point Reached | Decision Time |

| 08:00 01/01/2022 | 09:15 01/01/2022 | 09:20 01/01/2022 | 09:40 01/01/2022 |

Capturing data from the human decision step in order to use it in reporting.

There is a way to do this now but it requires some work on the backend to set it up initially. You will need to create a global artifact (decisionMaker) that has two fields in it decisionMakerName and decisionMakerId these will be used to track the unique user identifier in the decision step and tie it to the user’s name.

The human decision point has a variable named decisionMakerId ({{[“Decision Point”].[decisionMakerId]}}) you can use this as a lookup on your global artifact to get the decisionMakerName, the issue right now is that information is not available in the system as you know. To get around that what I did was created a step that added the decisionMakerId to a global artifact with the job name/id attached to it. I then used that list to manually look up each job in the UI and find out who made the decision and used that information to create my decisionMaker global artifact. Once that is done you can then use a lookup step going forward to have your workflow you are wanting to track the decisionMakerName on that will lookup the decisionMakerId and return the matching decisionMakerName to be used where you need it.

For simplicity sake if you didn’t want to wait on the list to populate via an existing workflow you could create a quick generic workflow that captured decisionMakerId into a GA and have your team run the workflow and click on a decision to populate the list and then use that to create your decisionMaker GA.

Let me know if this doesn’t make sense or you have any questions.

We really appreciate all the hard work you did for us!

Thank you