Workflows

The "Workflows" section of InsightConnect acts as your workflow manager. View, build, modify, activate, and configure workflows here. Within this section you can access all of your workflows and your workflow snippets.

The workflow page allows you to filter the workflows by the following states:

  • Active - the workflow is active and will create jobs if triggered
  • Inactive - the workflow is retired, but can be re-activated

Workflow Actions

From the Workflow page, you can activate and deactivate the workflow by setting the Status Toggle to active (green) or inactive (grey) side. You have an option to view the Workflow Control Panel by clicking on the workflow card. The Workflow Control Panel allows you to view the workflow in the Workflow Builder, Publish changes and by clicking the ellipsis on the page, you can also run and export the workflow. In addition to that, you can perform actions on individual workflows by clicking the ellipsis at the end of each workflow card.

For active workflows, you can:

  • run the workflow
  • view the active version of the workflow
  • edit the workflow in workflow builder
  • export the active version of the workflow

For inactive workflows, you can:

  • edit the workflow
  • discard the pending changes made to the workflow
  • delete the workflow

Workflow States

There are 3 possible states that the workflow can be in:

  • Active - you build and activate a workflow
  • Active with Unpublished Changes - you build and activate a workflow, then edit it but without publishing the changes
  • Inactive - you build a workflow but don't activate it Each case impacts the available actions for the workflow.

Active Workflows

Active workflows are currently running workflows that have no changes waiting to be published. To edit an active workflow, click the ellipses on the workflow's card and choose Edit in Builder. On the Workflow Builder page, you will be shown that you're Editing Unpublished Changes. This will tag the workflow indicating that there are changes which have not been published yet.

Active Workflows with Unpublished Changes

Once an active workflow has been edited, it creates an unpublished version of your workflow. In the Workflow Builder, you can switch between viewing the active workflow, and the unpublished changes. This allows you to keep track of the changes made and refer back to the active version of the workflow. You can either publish the changes - this will replace the currently active workflow with the changes you made, or you can leave the Workflow Builder page with unpublished changes, and come back to continue working on it at a later date. Once you are ready to publish the changes, you can do it either from the Workflow Builder or from the Workflow Control Panel.

The use case below further illustrates how you might use the unpublished changes functionality.

Unpublished Changes in Action

An InsightConnect user in a corporate security team builds and activates a phishing workflow called "MailFlow.” “MailFlow” contains a GMail trigger and steps to check the sender's IP addresses, lock down email accounts, and block future emails from that sender.

The active "MailFlow" has been creating jobs for every account in the user's enterprise GMail instance that triggers the workflow. However, the user begins to think that the problem is worse than they thought, and wants to add an Artifact Step to collect data for efficient reporting. To update the workflow of “MailFlow,” the user clicks Edit in Builder from the “MailFlow” dropdown menu on the workflows page.

The user makes the changes on the active workflow to suit their new needs and once he's done clicks Publish Changes.

InsightConnect automatically updates the original "MailFlow" workflow with the changes made in the Workflow Builder.

Inactive Workflows

Inactive workflows are workflows that either have never been made active from when they were created, or were disabled manually. You can edit the inactive workflows as you see fit, and once the work is completed simply move the slider next to the workflow name to an active position.

Workflow Builder

To build a new workflow click Create New from any of the workflow manager pages. This will open the Workflow Builder and immediately prompt you to set up a trigger. If you need to edit an existing workflow, open the Workflow Builder by clicking the ellipsis on a workflow card, then Edit Workflow.

The Extension Library

Alternatively you can import existing workflows from The Extension Library.

Toolkits

To you help choose which workflows are right for you we have created some help pages on The Extension Library on the following subjects:

  1. Phishing
  2. InsightVM Automation
  3. Ransomware