Bulk edit risk reduction
Use bulk edit risk reduction to request an adjusted risk rating and apply compensating controls across multiple vulnerable items that share a single vulnerability.
When you select multiple findings in the Unified Security Exposure Management, the Bulk Edit dialog lets you submit a risk reduction request alongside a deferral request. Selecting Mitigating Control in Place as the reason exposes the Request for Risk Reduction option, where you specify the desired risk rating and the compensating controls to apply.
Risk reduction workflow overview
Submitting a bulk risk reduction request creates a single Remediation Task for the selected items. The task enters an In review state and generates approval requests for both the deferral and the risk reduction at each configured approval level. After all approvals are granted, the Remediation Task transitions to Deferred state and the risk ratings on the affected vulnerable items are updated to the approved desired rating.
Work notes added during the bulk edit are recorded on the Remediation Task and reflect the compensating controls and risk adjustments applied.
Eligible item states
The bulk edit action applies only to items in an Open, Under Investigation, or Awaiting Review state. Items in other states are excluded from the update regardless of their selection status.