Re-evaluating the exceptions for selected records in the Security Exposure Management Workspace

  • Release version: Xanadu
  • Updated July 31, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Re-evaluating the exceptions for selected records in the Security Exposure Management Workspace

    The Security Exposure Management Workspace allows users to re-evaluate exceptions for selected records through the "Re-evaluate and update the remediation properties" modal. This process updates the deferral status and until dates according to the most recent exception rules, providing clarity on the status of vulnerable items (VITs).

    Show full answer Show less

    Key Features

    • Scenario Handling: Four primary scenarios determine how records are updated based on their deferral status and exception rule conditions.
    • Exception Rule Details: Users can create and modify exception rules that specify conditions for deferring critical VITs, including valid dates, reasons, and assignment groups.
    • State Changes: The system automatically updates the state of records based on the evaluation of exception rules, ensuring accurate tracking of remediation tasks.

    Key Outcomes

    By re-evaluating exceptions, users can expect:

    • Records to remain deferred if they were manually deferred and continue to meet exception conditions.
    • Records in non-deferral states to be deferred according to the exception rules.
    • State updates for records that no longer meet the conditions of their exception rules, allowing for effective tracking and management of security vulnerabilities.

    In the Security Exposure Management Workspace, when you evaluate the exception rules for a set of records in the Re-evaluate and update the remediation properties modal, their deferral status and until date of deferral are updated as per the latest exception rules.

    Scenarios

    You may come across the following scenarios, when you evaluate the exceptions for a selected set of records in the Re-evaluate and update the remediation properties modal in the Security Exposure Management Workspace:

    Scenario 1: when the selected records are already deferred manually and they match the condition of an exception rule, these records remain in the Deferred state without any changes.

    Scenario 2: when the selected records match the condition in the exception rules and these records are in a non-deferral state (such as open, In Review, Under Investigation), then these records are deferred until the date defined in the exception rule.

    Scenario 3: when the selected records are already in the Deferred state (that are deferred using the exception rule A), they remain in the Deferred state in the following scenarios:
    • the exception rule expires and the records don’t match the condition
    • the exception rule expires and the records match the condition
    • the exception rule A expires and records match the condition of another exception rule B.
    Scenario 4: Consider that the records are deferred using an exception rule. When you change the exception rule condition such that the Deferred state of the records is no longer valid and then reevaluate the exception rules for these records:
    • the records move to the Open state
    • the until date, Deferral date, Deferral count, and other fields are updated.

    Consider that you are evaluating the exceptions for following host vulnerable items (VITs)

    Consider the exception rule with the following details:
    Table 1. Exception rule details
    Field Description Value
    Name Name of the exception rule. Deferring critical VITs
    Valid from Date from which this rule is active to defer the VIs. 20-08-2024
    Valid to Date from which the remediation task stops accepting new VIs. 30-11-2024
    Reason Reason to create this exception rule. Risk Accepted
    Assignment group Group that the remediation task that was created for tracking the deferred VIs is assigned to. Remediation Group 1
    Additional information Additional information that the requester wants to provide to the approver. This information is populated in the description field of the remediation task. This rule has been created to defer the critical VITs automatically.
    Condition Filter condition for the VIs that can be defined while processing the VIs. Risk rating = 5 - Critical
    Execute on existing data Option that enables you to run this rule on existing data the first time that this rule is run. Yes
    State State of the exception rule. Approved
    Execution order Unique order for each exception rule. 100
    Deferred until Date until when the VULs and VIs are deferred. On this date, the created VUL is closed, all the VIs move out of the group, and group rules are reapplied. 2024-12-23 16:10:29
    The following table shows how the state changes when the exception rules are reevaluated for multiple VITs simultaneously:
    Table 2. Records for which exceptions are re-evaluated
    VIT Number State Risk Rating Updated state after reevaluating the exceptions -1 Until date - 1
    VIT120067 Open 2 - Low Open -
    VIT120068 In Review 3 - Medium In Review -
    VIT120069 Under Investigation 5 - Critical Deferred 2024-12-23 16:10:29
    VIT120070 Deferred 5 - Critical Deferred 2024-12-23 16:10:29
    VIT120071 Deferred 2 - Low Deferred 2024-10-02 16:10:29 (Deferred manually)
    VIT120072 Closed 5 - Critical Closed -
    When the condition in the preceding exception rule is modified to Risk rating = 2 - Low and Deferred until is modified to 2024-12-31 14:10:23 the records are updated as follows:
    Table 3. Records for which exceptions are reevaluated
    VIT Number Updated state after reevaluating the exceptions -1 Risk-rating Updated state after reevaluating the exceptions - 2 until date - 2
    VIT120067 Open 2 - Low Deferred 2024-12-31 14:10:23
    VIT120068 In Review 3 - Medium In Review -
    VIT120069 Deferred 5 - Critical Deferred 2024-12-23 16:10:29
    VIT120070 Deferred 5 - Critical Deferred 2024-12-23 16:10:29
    VIT120071 Deferred 2 - Low Deferred (No change in the state) 2024-10-02 16:10:29 (No change in the until date)
    VIT120072 Closed 5 - Critical Closed -