Hey all, I’d like to share how Mattermost has been working closely with our customers to modernize their processes to handle workflows quickly and effectively, resulting in improved business outcomes.
Some examples of new solutions we’re exploring right now include:
- Automations with triggers and actions
- Conditional workflows
- Process digitization with AI assistance
- Reporting dashboards and auditing exports
- Tasks inbox and notifications
Today we’ll focus on conditional workflows. This solution aims to improve adaptability so playbooks can evolve dynamically as an incident evolves.
Incident response processes currently are too static and unable to adapt to changing conditions or new information. This can result in a lot of context switching between tools and processes in the heat of an incident. Responders can easily become overwhelmed with irrelevant or unimportant tasks, making it hard to stay focused on what truly matters.
With that said, let’s have a look at some of the conceptual improvements we’re exploring.
Check out the demo below:
Conditional Tasks
In our playbook, we have tasks that show only when specific conditions are met. For instance, if a team member updates the severity to Sev-1, we can see some additional tasks added to the Engagement checklist. This prevents clutter and ensures the team focuses only on relevant tasks.
Additionally, tasks can show based on an “Incident Type” property as well. If the type is set to “Malware,” tasks specific to malware incidents appear in the Containment checklist. This ensures that all necessary steps are visible and relevant to the situation.
Making tasks conditional
In the playbooks editor, you’ll find the option to add tasks and sections. Each task can be configured to appear only when certain conditions are met. For example, you can set a task to appear only when the Incident Type is set to "Malware”. Additionally, you can drag various other tasks beneath this conditional as well.
Similarly, you can configure other tasks within this checklist to appear only when the incident severity is updated to Sev-1.
Let us know what you think
So, that’s a very quick summary of the feature. Is this a feature you would find value in? We’d love to hear from you.