Overview
In most organizations, leaders and analysts rely on static reports and dashboards to understand their data. While useful, these often require users to toggle through several views to locate key metrics, identify anomalies, or detect emerging risks. This makes it difficult to gain immediate, actionable insights when time-sensitive decisions need to be made.
The Ask a Question feature in Riskflow provides a conversational way for users to access insights from their data. It helps teams quickly find answers without manually navigating multiple dashboards or reports. The Ask a Question feature addresses this challenge by allowing users to interact with their data in plain English and leverage generative artificial intelligence (genAI) to understand and develop documents related to cybersecurity, governance, risk and compliance.
Instead of writing SQL queries or applying complex filters or searching the web for document templates, users can type questions such as:
“What active user accounts (show id and name) have had no authentication events in the last week?”
“Show me the device id, hostname and number of vulnerabilities of all active devices with the most critical and high vulnerabilities.”“Help me write a grc policy document or template for phishing simulation that is NIST 800-53 compliant”
Riskflow interprets questions, automatically generates the underlying data query, and returns insights in a variety of forms including tables, graphs, analytical summaries and documents. Outputs can include contextual information such as trends, severity levels, and business impact — enabling users to move quickly from data to decision.
This feature is especially useful for:
Governance, Risk and Compliance (GRC) teams, who require fast access to risk posture summaries.
Security analysts, who need to identify patterns or anomalies without building manual queries.
Data engineers, who want to quickly validate data flows and quality.
Leadership users, who want quick, conversational insights without navigating multiple dashboards.
How to Use
Follow these steps to use the feature effectively:
Access the Feature: Click on the Riskflow button in the top navigation bar.
.png?sv=2022-11-02&spr=https&st=2025-10-16T09%3A34%3A17Z&se=2025-10-16T09%3A49%3A17Z&sr=c&sp=r&sig=yz%2BPRlxHNrbspZ4NEpiyq9xbl5dVbPOJhIqhNUb02%2B4%3D)
Ask a Question: Type your query in the input field. For example: “Show me your current vulnerabilities”.
Click Submit to view the results.
.png?sv=2022-11-02&spr=https&st=2025-10-16T09%3A34%3A17Z&se=2025-10-16T09%3A49%3A17Z&sr=c&sp=r&sig=yz%2BPRlxHNrbspZ4NEpiyq9xbl5dVbPOJhIqhNUb02%2B4%3D)
View Results: The system displays the requested data along with analytical summaries and insights.
Add to Console (Optional): Click the Add To Console button to save the insight to a Console page for future reference. Insights are preserved as a combination of the generated SQL and associated visualization (i.e., table, graph, etc.).
Follow-Up Questions: At the bottom of the page, you can type a follow-up question in the field to explore the data further. Example: “How many systems are affected by CVE-2025-1111?”
Start a New Chat: Click New Chat to begin a fresh query session.
.png?sv=2022-11-02&spr=https&st=2025-10-16T09%3A34%3A17Z&se=2025-10-16T09%3A49%3A17Z&sr=c&sp=r&sig=yz%2BPRlxHNrbspZ4NEpiyq9xbl5dVbPOJhIqhNUb02%2B4%3D)
View History: The Ask A Question History panel on the left side displays all previous questions. Click any item in the history to view the results again.
Configuring AI-based Data Analysis
Ask A Question has the option to take a small number of data samples (up to 100) for any data query generated and submit them to the generative AI model for additional summary and insight. By default, this option is disabled. If you wish to enable this option, a DataBee Administrator may do so under the Configuration
System | Beekeeper menu.
.png?sv=2022-11-02&spr=https&st=2025-10-16T09%3A34%3A17Z&se=2025-10-16T09%3A49%3A17Z&sr=c&sp=r&sig=yz%2BPRlxHNrbspZ4NEpiyq9xbl5dVbPOJhIqhNUb02%2B4%3D)
.png?sv=2022-11-02&spr=https&st=2025-10-16T09%3A34%3A17Z&se=2025-10-16T09%3A49%3A17Z&sr=c&sp=r&sig=yz%2BPRlxHNrbspZ4NEpiyq9xbl5dVbPOJhIqhNUb02%2B4%3D)
Use of Artificial Intelligence
The Ask a Question feature creates content using Artificial Intelligence. While we strive for accuracy, we encourage readers to verify important information. We use AI-generated content to increase efficiencies and provide certain insights, but we can not guarantee these are error-free and they may not reflect human expertise or opinions.
This feature does not use your data to train or augment any public or private AI models. Depending on configuration, data samples from your data lake may be submitted to AI models for inference, analysis and summation (see Configuring AI-based Data Analysis). DataBee leverages Anthropic LLMs hosted within AWS Bedrock for all generative AI tasks.
Best Practices
The Ask a Question feature in Riskflow provides powerful, AI-driven insights into your organization’s security posture. To maximize its effectiveness, follow these best practices:
Ensure Data Readiness
Riskflow works best with structured, validated GRC and security data such as:
Vulnerability lists with severity and CVSS scores
Asset inventories and classifications
Incident logs with timestamps and system context
Ensure that critical identifiers (like CVE IDs, asset names, or system IDs) are consistent across your environment for accurate insights.
Frame Questions Appropriately
Ask questions that align with your data’s structure whenever possible. Examples:
“Show me all active critical vulnerabilities”
“Which systems have the most unpatched high-severity vulnerabilities?”
“What vulnerabilities were detected in the last 7 days?”
Avoid ambiguous or overly granular queries that cannot be directly answered from the data. If DataBee determines a question is too ambiguous, you will be asked for additional clarification before data queries will be generated.
Focus on trends, comparisons, or aggregations that your data supports.
Use Context and Follow-Ups
Riskflow retains conversation context, allowing follow-up questions to refine your insights.
Example sequence:
“Show me current vulnerabilities”
“Which systems are affected by CVE-2025-1111?”
“What is the patch status for these systems?”
Starting a New Chat resets context, so use it when beginning a separate investigation.
Interpret Insights Carefully
The AI provides summaries and analysis derived from a sample of your data (typically less than 100 rows), such as:
Distributions
Trends over time
Prevalent vulnerabilities or affected systems
Always review the data table alongside the AI-generated summary to verify insights.
Riskflow does not generate data; it interprets existing data in context, so understanding your dataset is crucial.
Use Ask a Question History for Tracking
The Ask a Question History panel allows you to review all previous queries and results, making it easy to track investigations or recurring issues.
Be Aware of Limitations
Riskflow is aware of. a limited number of OCSF and CDP data tables. As such, it can only generate SQL queries that relate to devices, users, applications, vulnerabilities and authentication events. The number of supported tables will increase in future versions so keep an eye on release notifications and updates to this page.
Riskflow provides analytical summaries based on the data available, but it has limited ability to calculate metrics that are not already defined.
Insights are most accurate when questions are structured around existing fields, metrics, and validated security datasets.
Avoid expecting the AI to generate speculative or unverified conclusions.
Tips for Effective Queries
Use clear entity identifiers (e.g., CVE ID, system name).
Specify timeframes where relevant (e.g., “last 7 days” instead of “recently”).
Ask about top contributors, trends, or high-severity items to get actionable insights.
Break complex queries into multiple focused questions for best results.