Create or edit application remediation target rules

  • Release version: Zurich
  • Updated July 31, 2025
  • Drive the remediation of high-risk vulnerabilities in a timely manner by setting up a remediation target rule at the application vulnerable item (AVI) level.

    Before you begin

    Role required: App-Sec Manager group

    Note:
    The base system ships with three remediation target rules.
    • Critical Risk Rating Rule
    • Less Critical Risk Rating Rule
    • Medium-High Risk Rating Rule

    These rules are inactive by default. If you choose to edit one rather than create a new one, remember to select the Active check box before saving.

    Procedure

    1. Navigate to All > Application Vulnerability Response > Administration > Remediation Target Rules.
    2. Click New.
    3. Fill in the fields on the form, as appropriate.
      | Field | Description |
      | --- | --- |
      | Name | Name of the rule. |
      | Target (days) | Number of days, counted from when the AVI was last opened, within which the AVIs should be remediated. |
      | V17.1: Target from (date) | Date from which the target SLAs are computed. You can specify only date or date and time type fields. The default value is Last opened date. To customize the values for this field, see KB1642413. |
      | Active | By default the Active check box is selected, which means the remediation target rule is active. If this check box is cleared, the rule does not apply to new AVIs created in the system. |
      | Notify (days before due) | Number of days prior to the targeted remediation time for a reminder to be set. The notification date calculated from this value is used to show the remediation status and color coding. If the date is before the notification date, the remediation status is “In flight.” If it is past the notification date and before the remediation target date, the status is shown as approaching target. Note: If this field is set to 0, only a Target Missed notification is set. |
      | Rule applies to | Using the condition filter, select the criteria for applying the rule to the AVIs. To prevent performance impact, test your conditions at full production scale. Testing enables you to determine how long the Evaluate remediation targets job takes to execute, given the conditions and the size of your Configuration Management Database (CMDB). |
      | Update history | |
      | Activities | Unused for initial creation of a rule. Subsequently, system work notes are logged here. |
    4. Click Submit.
      This rule goes into effect during the next run of the scheduled job, Evaluate remediation targets. The same is true when an existing rule is updated or when you use the Apply Changes button on the Remediation Target Rules list view. For more information on the scheduled job and Apply Changes, see Automate remediation target tracking in Application Vulnerability Response.
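The timeline that Target (days), Target from (date) and Notify (days before due) define, worked through as an added example; this is not ServiceNow code. The function names, the "Target missed" status string, the range check on the notify value, and the handling of the exact boundary instants are assumptions, and the dates are constructed sample values.

```javascript
// Added illustration, not ServiceNow code. Names and status strings are hypothetical.
const DAY_MS = 24 * 60 * 60 * 1000;

// rule.targetDays -> "Target (days)"; rule.notifyDays -> "Notify (days before due)"
// targetFrom      -> "Target from (date)", by default the AVI's last opened date
function remediationWindow(rule, targetFrom) {
  const { targetDays, notifyDays } = rule;
  if (!Number.isInteger(targetDays) || targetDays <= 0) {
    throw new RangeError("Target (days) must be a positive integer");
  }
  // Assumption of this sketch: a reminder cannot fall before the clock starts.
  if (!Number.isInteger(notifyDays) || notifyDays < 0 || notifyDays > targetDays) {
    throw new RangeError("Notify (days before due) must be 0..Target (days)");
  }
  const targetDate = new Date(targetFrom.getTime() + targetDays * DAY_MS);
  const notifyDate = new Date(targetDate.getTime() - notifyDays * DAY_MS);
  return { targetDate, notifyDate };
}

function remediationStatus(rule, targetFrom, now) {
  const { targetDate, notifyDate } = remediationWindow(rule, targetFrom);
  // Assumption: the exact notification and target instants count as already reached.
  if (now < notifyDate) return "In flight";
  if (now < targetDate) return "Approaching target";
  return "Target missed";
}

// Constructed sample: one AVI last opened on 2025-07-01, checked on several dates
// against a 30-day rule with a 7-day reminder and the same rule with Notify = 0.
function demo() {
  const opened = new Date("2025-07-01T00:00:00Z");
  const at = (iso) => new Date(iso);
  const withReminder = { targetDays: 30, notifyDays: 7 };
  const noReminder = { targetDays: 30, notifyDays: 0 };
  return [
    remediationStatus(withReminder, opened, at("2025-07-10T00:00:00Z")),
    remediationStatus(withReminder, opened, at("2025-07-25T00:00:00Z")),
    remediationStatus(withReminder, opened, at("2025-08-01T00:00:00Z")),
    remediationStatus(noReminder, opened, at("2025-07-30T23:59:59Z")),
    remediationStatus(noReminder, opened, at("2025-07-31T00:00:00Z")),
  ];
}

console.log(demo());
```

With Notify set to 0 the notification date coincides with the target date, so the AVI moves from in flight directly to a missed target with no approaching-target window in between.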