title_pics_ESS.jpg

AWS - SECURITY HUB

Experience Designer

the
PROJECT

When interacting with Security Hub, customers often want to capture custom query results/tabular findings to use as plain text in reports, emails and ticketing efforts outside Security Hub.

Previously, customers need to build custom infrastructure to be able to export their findings to a CSV file format.
 

AWS ESS applications needed a CSV export feature that would be completely automated and available to do in just a few clicks.

Experience Design

Interface Design

User Research

User Testing

what is
CSV EXPORT?

A feature that allows the customer to select all or a filtered subset of findings in a Security Hub account and region then export these to a CSV file format. They can use both, the Security Hub console and/or an API to export findings to CSV.

Customers using the console can access the exports directly in the console. Those using an API can access the download via a designated S3 bucket.

*For definitions select terms from the link menu on the right.

CSV-intro.jpg

The finished product in the flesh...

my
ROLE

I joined the project as Senior Experience Designer, partnering with the PM, SDM and UX Director to build a new feature to automate downloading specified (filtered) findings to a CSV file format in a few simple clicks. The process needed to be intuitive and universal (across all Security Hub applications). I was engaged in every facet of the project's development including, process audits, personas development and user stories, workflows, wireframes, and high-fidelity prototypes through user testing.

Microsoft Office 365
Asana

Figma

Responsibilities: Product design including, experience, interface and visual design, wireframing, prototyping and user testing.

feature
SCOPE

The CSV export feature enables the customer to

  • use the Security Hub console or API to export their findings to a CSV file in an S3 bucket they own.

  • use the Security Hub console to create a destination S3 bucket.

  • optionally add filters to an Export Task to narrow down the findings included in the exported file.
    (available for API only).

  • view the history of their Export Task paths from the last 90 days via the console or API.

  • reference a guide to show them how to configure their S3 destination bucket that allows least permission access by Security Hub i.e. write access similar to AMZ GuardDuty.

  • execute one download per account per region per day. (required limit as the feature is free).

  • include a maximum of 1 million findings in an individual export file
    (Capacity based on max. excel rows - 1,048,575).

user
EXPERIENCE

As an AWS customer, I want the ability to export findings to a exportable CSV file format without having to build custom infrastructure to support this functionality.

Scenario - Exporting Findings to a CSV file store in S3.

  • Given I’m on Security Hub’s finding page...

  • And I have configured my export S3 Bucket...

  • When I Click on the button “Download to CSV”...

  • And I have or have not applied filters to my search results to be used to narrow finding results output to the CSV file...

  • I see a notification that I have started the export job with a link to the export jobs page.

personas2.png

BI Engineer - I am a specialist and cloud expert who learns by doing...
 

I'm a data engineer that supports my CP team querying data from AWS Data Lake to produce reports used to guide business decisions and bill customers.

My main goal is to ensure the data we provide fulfills the needs of the teams consuming it, this includes meeting expected timelines and service level agreements (SLAs), maintaining a consistent schema, meeting AWS Data Lake requirements, and collaborate to amend data quality issues and fix pipelines.

“What needs my immediate attention today?”

  • I want a place where I can curate data sets because it will make it easier for me to run reports.

  • I need a way to monitor my pipelines because I want to be able to tell if and where there is a failure.

personas1.png

Data Provider - I am a generalist and cloud novice who learns by doing...

I'm a CP engineer that works to make our team's data available in AWS Data Lake so that other CP teams can query it and accurately bill AWS customers.

​My main goal is to ensure the data we provide fulfills the needs of the teams consuming it, this includes meeting expected timelines and service level agreements (SLAs), maintaining a consistent schema, meeting AWS Data Lake requirements, and collaborate to amend data quality issues and fix pipelines.

“How will I structure my workweek?”

  • I need a simple way to add my data into the data platform that will take my data in its native form and convert it to what the platform can read because it's a lot of work to do it all myself.

  • I need a way to better understand the data consumer's needs because I want to make sure that I am granting them access to the right data.

  • I want a mechanism that allows me to understand the health of my pipelines because I want to make sure that my data reaches the right places

“As an AWS customer, I want the ability to export findings to a downloadable CSV file without having to build custom infrastructure to support this functionality.”
Client-side AWS Security Manager
user
EXPERIENCE

Scenario - Exporting Findings to a CSV file store in S3.

  • I am an AWS security professional and I want to use my findings in a ticketing effort...

  • Given I’m on Security Hub’s finding page...

  • And I have configured my export S3 Bucket...

  • When I Click on the button “Download to CSV”...

  • And I have or have not applied filters to my search results to be used to narrow finding results output to the CSV file...

  • I see a notification that I have started the export job with a link to the export jobs page.

workflow.jpg
“People ignore designs that ignore people.”
Frank Chimero, UX Designer
INSPIRATION
Understand Needs/User
  1. Observe user

  2. Empathize with user

  3. Define problem(s)

IDEATION
Explore solutions
  1. Ideate/Brainstorm

  2. Prototypes (lo-level)

  3. Test/Iterate/repeat

IMPLEMENTATION
Materialize experience
  1. User stories/workflows

  2. Design

  3. Pilots/prototypes (hi-level)

my
PROCESS

First and foremost I like to start my process by asking the right questions, look for patterns and focus in on the deviations - this is what ultimately frames the way I approach the problem and guides me towards the appropriate strategy and tools I'll need to design a solution.

 

With a clear definition and a solid set of requirements, it was time to make it tangible; to build a new feature to automate exporting specified (filtered) findings to a CSV file format in a few simple clicks. The process needed to be intuitive and universal (across all Security Hub applications).

design
SPECIFICS
  1. Filter findings for content of interest - auto-suggest drop-down search with interactive filter tokens.
     

  2. DON’T leave findings page when configuring CSV export/download feature - Use a modal to allow the user to choose Console or API and to designate (or create) S3 output bucket.
     

  3. Alert/notify user via Polaris standard Flashbars (interactive) to indicate download progress, output location and status.
     

  4. Design a history feature that allows user to view and explore 90 day Export Task path runs and status.

visual
IDENTITY

I frequently referenced brand strategy and attributes when developing the visual language.  Building upon AWS's well established (and recently updated) design system, Polaris 3.0, helped me create a holistic experience that felt trusted, progressive and delightful at each touch-point.

AMAZON Squid Ink
AMAZON Orange
Blue 600
Blue 500
Blue 300
Blue 100
Red 600
Orange 600
Green 600
design_system-polaris.jpg
user
EXPERIENCE
  1. Filter (search) findings for content of interest - auto-suggest drop-down search with interactive filter tokens - API only. With no filters selected, CSV downloads entire findings page in console. (User is alerted when more than 1 million findings are slated for export).
     

  2. All findings (raw or matching filtered search) are exported/downloaded as a CSV file to a user designated/configured S3 bucket directly from the console.
     

  3. User is alerted to/notified Alert/notify of download progress, output location and status.

CSV-final1.jpg
CSV-final2.jpg
CSV-final3.jpg
project
SUCCESS
  • Originally slated as a Tier 3 (internal-facing feature refresh), CSV Export’s customer attention in reviews, testing sessions and overall feedback resulted in AWS to elevate it to a Tier 1 (new feature introduction) project.
     

  • The feature was designed as a secondary button in the application’s header action stripe - making it universally adaptable across multiple applications in Security Hub.
     

  • 2 export/download options (select-able from the on-screen modal overlay):
 
    Console: export all findings on current page
    API: export filtered selection of findings directly to a designated S3 bucket.
     

  • 46 customer influences on the CSV Export feature.
     

  • 4th most requested feature in AWS ESS applications.

why was it
SUCCESSFUL
  1. Well researched and documented analysis of the user and their motivation to wanting the CSV export feature - deep understanding of their pain-points and goals.
     

  2. Thinking of the feature in relation to the complete system - iterative wireframes and workflows (user tested) led to using modals and other on-page options to ensure a fluid experience across the entire system journey.
     

  3. Transparency, collaboration and open dialog among a dedicated and knowledgeable inter-disciplinary team allowed for a focused execution of the project.

logo_AWS.png