Security Exposure Management Approvals View
Summary of Security Exposure Management Approvals View
The Security Exposure Management Approvals View centralizes and simplifies the approval process for vulnerability and compliance exception requests. It enhances workflow efficiency and visibility for Approvers by providing a unified interface to manage all types of approval requests related to remediation activities.
Key Features
- Approvals Landing Page: Offers multiple navigation widgets to categorize and prioritize approval requests, including:
  - Today’s approvals – actions due today
  - Pending approvals – awaiting actions beyond today
  - Exception approvals – for exception requests like delayed patching
  - False positive approvals – for scanner misreports
  - All approvals – consolidated list of all approval types
  - Overdue approvals – requests past their due date
  - Expiring exceptions – exceptions expiring within 7 days
  - Exception extensions – requests for deferral extensions
  - Repeated rejections – resubmitted requests after prior rejection
- Interactive Approval Requests: Each request includes detailed information such as Record Reference, Request Type, Risk Rating, Remediation Status, Assignment Group, and Current State, with clickable links to associated findings.
- Integrated Finding Records: Users can view detailed attributes of findings and related approvals, and submit deferral requests directly from the Security Exposure Management workspace.
- Unified Approval Actions: Approvers can review, approve, or reject requests within the same record, with all comments and actions recorded for audit and traceability.
- Generative AI Assistance: AI-driven recommendations help streamline approval decisions for exceptions and false positive requests.
- Legacy Support: Links to legacy approval requests are available during migration to ensure continuity.
Key Outcomes
- Improved visibility and streamlined management of all approval requests in one place.
- Faster and more informed decision-making through access to comprehensive request details and AI recommendations.
- Enhanced traceability with recorded approval actions and comments.
- Simplified workflows for Approvers, reducing delays in vulnerability and compliance exception handling.
The approval process in Security Exposure Management for vulnerability and compliance exceptions is unified to simplify workflows, improve visibility, and streamline actions for Approvers.
- Today’s approvals: Approvals due for action today (e.g., an unassignment request expiring by end of day).
- Pending approvals: Approvals awaiting action beyond today across all request types.
- Exception approvals: Approvals specifically for exception requests (e.g., a request to allow delayed patching of a high-risk vulnerability).
- False positive approvals: Approvals for requests flagged as false positives (e.g., scanner incorrectly reporting a vulnerability on a host).
- All approvals: Consolidated list of all approvals, including exception, false positive, risk reduction, and unassignment (e.g., a single view of everything awaiting your approval).
- Overdue approvals: Approvals that have crossed their due date (e.g., a risk reduction request that was supposed to be approved yesterday).
- Expiring exceptions: Exceptions scheduled to expire within the next 7 days.
- Exception extensions: Deferral extension requests raised after an initial exception request was approved. The initial request may still be in an approved state or may have already expired. This widget covers two scenarios:
  - An extension request raised directly against an existing finding.
  - A new vulnerability change approval (VCA) created after a previously approved VCA's finding expired. This new request is treated as a continuation of the original exception.
- Repeated rejections: Approvals where a remediation owner has resubmitted a VCA for the same deferral exception after a prior VCA was rejected.
When opening a finding record (e.g., VIT, AVIT, CVIT, Test Results), users can view detailed attributes such as state, remediation status, assignment group, information about the finding, relevant detections, change approvals, and requested approvals.
You can defer a finding or remediation task directly from its respective form in the Security Exposure Management workspace. Once submitted, the request is sent for approval. This unification offers:
- View the requester, purpose, impacted services, approval levels, and comments all in one place.
- Approvers can approve or reject requests directly within the same record. See Reviewing an Approval Request.
- Every comment and approval action is recorded and attributed.
- You can use generative AI to streamline the approval process for exceptions and false positive requests with AI-driven recommendations. For more information, see Generate approval recommendations with generative AI.
- All requests, including pending, overdue, or completed, are easy to locate and manage in the single view. Links to legacy approval requests are available for items that remain in the old flow during the migration period.