Context items created by analysts require admin approval before becoming active. This ensures quality control and governance: admins can review, modify, or reject context items before they influence investigations.
How it works
- Analyst creates context: The item is saved with status "Pending Validation". If the organization has multiple admins, the analyst selects which admin to notify.
- Admin is notified: An email notification is sent to the selected admin.
- Admin reviews: Three options:
  - Approve ⇒ Context becomes active immediately
  - Reject ⇒ Context is not activated; analyst is notified with a reason
  - Approve with modifications ⇒ Admin edits the context before activating
- Analyst is notified: Receives email confirmation of the outcome
- Context becomes active: If approved, Qevlar starts using it in investigations
Note: The admin selection only affects who receives the notification. All admins can view and review any pending context item regardless of who was selected.
For Analysts
What to expect after creating a context item:
- Your context item is saved but not active yet
- Status shows as "Pending Validation"
- The admin you selected receives a notification
- You'll receive an email when any admin makes a decision
- If rejected, you'll see the reason and can edit and resubmit
- If approved with modifications, you'll see what was changed
Choosing an admin to notify:
If your organization has multiple admins, you'll see a dropdown to select who should be notified. Choose based on:
- Who is most familiar with this type of context
- Who is available to review quickly
- Your team's internal process
This choice doesn't restrict who can approve: any admin can review and act on your context item.
Tips:
- Write clear explanations to help admins approve faster
- Include business justification (ticket numbers, contract references)
- If urgent, reach out to your admin directly
For Admins
Reviewing pending context items:
- Go to Context in the navigation menu
- Filter by "Pending Validation" status
- Click on an item to review
You can review any pending context item, even if another admin was selected for notification.
When reviewing, check:
- Is the observable correct and specific?
- Is the scope appropriate (not too broad)?
- Is the explanation clear and justified?
- Is an expiry date needed?
Actions:
| Action | When to use | What happens |
|---|---|---|
| Approve | Context is accurate and well-scoped | Context becomes active, analyst notified |
| Reject | Context is incorrect, too broad, or unjustified | Context stays inactive, analyst notified with your reason |
| Approve with modifications | Context needs minor adjustments | You edit, then approve; analyst sees changes |
When rejecting, always provide a reason so the analyst can improve and resubmit.
FAQ
- Can I edit a pending context item? Yes. As an analyst, you can edit your context item while it's pending. The admin will review the latest version.
- How long does approval take? This depends on your organization. If your context is urgent, contact your admin directly.
- What happens if an admin modifies my context? You'll receive an email showing what was changed. The modified version becomes active.
- Can I resubmit a rejected context item? Yes. Edit your context item based on the admin's feedback and save it. It will go back to "Pending Validation" status for review.
- Who can approve context items? Only users with admin permissions can approve, reject, or modify context items.
- Does selecting an admin restrict who can approve? No. The selection only determines who receives the notification. Any admin can review and approve any pending context item.