You will be able to configure how Vuln Instances will be measured for SLA compliance within the platform.
Overview
Each organization has a different set of policies and expectations for how quickly their VM teams should be able to remediate vulnerabilities. You will now be able to configure the base set of SLA rules the platform will use.
We have several improvements planned for this capability over the next several months, one being the ability to create custom rules.
Quick Definitions
In order to configure SLAs for Vuln Instances you have to understand the following topics and terms:
- Asset Criticality: Assets within UVRM can be given an Asset Criticality (aka Value) of 1-5, with 1 being the most Critical and 5 being None.
- Vuln Severity: Vulnerabilities have a Severity of Urgent, Critical, High, Medium, or Low. Note: this is not Vulnerability Instance Severity but the Vulnerability Severity.
- Difference between Vuln Severity and Vuln Instance Severity: Vulnerabilities are usually provided by Scanners that Aggregate similar CVEs into one Vulnerability. This is helpful to track a Vulnerability by a given name or ID regardless of CVEs. However, not all Scanners provide this and in these cases they typically only provide a CVE as a vulnerability. In our system these are Vuln Instances. Vuln Instances are the specific CVEs found on a specific Asset.
An SLA in 6.0 is the mapping of an Asset's Criticality to the specific Vuln Severity being evaluated. For instance, if an Asset has an Asset Criticality of Critical and a Vuln with a Severity of Urgent, you can set that Vuln Instance to have an SLA of 7 Days.
Setting your SLAs
You have the ability to create your SLAs using a matrix between Asset Criticality and Vuln Severity.
Some example configurations:
- All Assets with a Criticality of Critical should be remediated within 7 days regardless of Vuln Severity.
Asset Criticality | Urgent | Critical | High | Medium | Low |
Critical | 7 | 7 | 7 | 7 | 7 |
- Normal use case
Asset Criticality | Urgent | Critical | High | Medium | Low |
Critical | 7 | 14 | 45 | 90 | 365 |
High | 7 | 30 | 45 | 90 | 365 |
Medium | 7 | 45 | 90 | 365 | 365 |
Low | 365 | 365 | 365 | 365 | 365 |
None | 365 | 365 | 365 | 365 | 365 |
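The following is an added example, not code from the platform: it sanity-checks a matrix like the "Normal use case" above for inverted cells and computes a due date and days overdue for a Vuln Instance. It assumes the SLA clock starts on the day the instance was first seen and that SLAs should never get shorter as severity or criticality decreases; the function names and the sample dates are hypothetical.

```python
from datetime import date, timedelta

SEVERITIES = ["Urgent", "Critical", "High", "Medium", "Low"]    # columns
CRITICALITIES = ["Critical", "High", "Medium", "Low", "None"]  # rows

# "Normal use case" matrix from the page; values are SLA days.
NORMAL = {
    "Critical": [7, 14, 45, 90, 365],
    "High":     [7, 30, 45, 90, 365],
    "Medium":   [7, 45, 90, 365, 365],
    "Low":      [365, 365, 365, 365, 365],
    "None":     [365, 365, 365, 365, 365],
}

def validate(matrix):
    """Return a list of problems: incomplete rows, or a cell whose SLA is
    shorter than a more severe / more critical neighbour (assumed policy check)."""
    problems = [f"row {c}: expected {len(SEVERITIES)} cells"
                for c in CRITICALITIES
                if len(matrix.get(c, [])) != len(SEVERITIES)]
    if problems:
        return problems
    for r, crit in enumerate(CRITICALITIES):
        for c, sev in enumerate(SEVERITIES):
            days = matrix[crit][c]
            if c and days < matrix[crit][c - 1]:
                problems.append(f"{crit}/{sev}: {days}d is shorter than "
                                f"{SEVERITIES[c - 1]} on the same assets")
            if r and days < matrix[CRITICALITIES[r - 1]][c]:
                problems.append(f"{crit}/{sev}: {days}d is shorter than on "
                                f"{CRITICALITIES[r - 1]} assets")
    return problems

def sla_status(matrix, criticality, severity, first_seen, today):
    """Return (due_date, days_overdue) for one Vuln Instance.
    Assumption: the clock starts at first_seen."""
    days = matrix[criticality][SEVERITIES.index(severity)]
    due = first_seen + timedelta(days=days)
    return due, max(0, (today - due).days)

if __name__ == "__main__":
    print(validate(NORMAL) or "matrix is consistent")
    # Constructed sample instances: (asset criticality, vuln severity, first seen)
    for crit, sev, seen in [("Critical", "Urgent", date(2024, 1, 1)),
                            ("High", "Critical", date(2024, 1, 1))]:
        due, late = sla_status(NORMAL, crit, sev, seen, date(2024, 1, 15))
        print(f"{crit} asset / {sev} vuln: due {due}, {late} days overdue")
```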
In the near future we will allow you to define the X axis of this map by using Queries to identify the assets for that rule. This will give Admins more flexibility in defining their policies as SLAs.