Vulnerable item SLA not working

KashishV · ‎01-14-2025

Hello Everyone,

When the risk rating of a vulnerability changes from one level to another, the SLO should begin or begin again when the rating changes. Basically the SLO clock should Restart anytime the Risk Rating changes.

Example of the current error:

It went from Risk rating of none to High. But the SLO was already missed instead of starting the 30 day countdown when the state/rating changed.

The SLA of a VIT records should get reapplied accordingly whenever the risk_rating changes to have enough time to work on a specified VIT record and to avoid target missed.

Vendor's Response

We have confirmed that retrospective calculation is not available in Vulnerability response.
With existing OOTB configuration, and the VIs risk score being updated like in instance, and only fields like Last Opened, First Found, Last Found and Created choice values present on the Target from (date)(target_from), your VI is bound to be set to Target missed and there is no way you can have them recalculated as per the current update time that satisfy the Remediation target rule conditions.

Hope this explains.

Sarath S · ‎02-10-2025

Hi, Thank you for sharing this scenario with us. We understand the importance of having the SLA clock restart when the risk rating of a vulnerability changes, and how this can affect the remediation target date.

We are actively reviewing an OOB solution for configuring the start, restart, and pause of the remediation target date when the risk rating changes , when VIT or RT Is reassigned tec. Our goal is to ensure that the vulnerability remediation process is more dynamic and better reflects real-time risk assessments.

We appreciate your patience as we continue to explore and refine this functionality. We will keep you updated on any new developments related to this feature.

Thanks,

Sarath S

Senior Staff Product Manager- Vulnerability Response