We are excited to announce a brand-new SLA feature that will be added to the Edgescan Platform.
What is an SLA
A service-level agreement (SLA) is an agreement between two or more parties regarding particular aspects of a service. SLAs can either be legally binding contracts or an informal contract between internal departments or teams.
Edgescan’s Approach to SLAs
Edgescan facilitates SLAs governing vulnerability remediation time. A user may set SLAs within the Edgescan application to govern the maximum acceptable remediation time for their vulnerabilities, with a separate remediation time specified by the user for each level of risk associated with a vulnerability. Vulnerabilities that exceed this remediation time violate their SLA. Vulnerabilities violating SLAs are searchable, and subsequent reports have the option to highlight these vulnerabilities as SLA violations.
How to set up SLAs
SLA settings can be found in the account/settings section by clicking on the highlighted icon at the top right of the Edgescan webpage.
SLA settings are then accessed by clicking on “SLA settings” in the Account/Settings drop-down menu.
The SLA settings allow 5 separate SLAs to be created and modified, governing the time required to close an open vulnerability at a given level of risk.
SLAs can be created or modified by selecting the edit icon to the right of the relevant risk level.
A form will open that allows users to input the desired remediation time. The time is entered as a quantity immediately followed by the unit it represents: days (d), hours (h), or minutes (m). Multiple units can be combined by separating them with spaces.
For example, “1d 20h 40m” means that any vulnerability of the given risk can remain open for 1 day, 20 hours, and 40 minutes before it is in violation of its SLA.
The SLA value is confirmed by selecting the red tick beside the given SLA. Modification can be cancelled by selecting the “x”, which will revert the SLA to its previous state. An SLA may be removed entirely by clearing the SLA form and confirming the value via the red tick.
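The remediation-time format and the violation rule described above, as an added example that is not Edgescan's own code: a strict parser for values such as “1d 20h 40m” and a check for which open vulnerabilities have passed their deadline. The function names, the numeric risk levels, the record layout, and the rejection of repeated units are assumptions of this example, and the sample data is constructed.

```python
import re
from datetime import datetime, timedelta, timezone

UNITS = {"d": "days", "h": "hours", "m": "minutes"}
TOKEN = re.compile(r"(\d+)([dhm])")

def parse_sla(text):
    """Parse '1d 20h 40m' into a timedelta; an empty form means no SLA (None)."""
    parts = {}
    for tok in text.split():
        m = TOKEN.fullmatch(tok)
        if not m:
            raise ValueError(f"bad SLA token: {tok!r}")
        unit = UNITS[m.group(2)]
        if unit in parts:  # assumption: a repeated unit is treated as a typo
            raise ValueError(f"unit given twice: {tok!r}")
        parts[unit] = int(m.group(1))
    return timedelta(**parts) if parts else None

def sla_deadline(opened, sla_text):
    """Moment at which a vulnerability opened at `opened` would violate its SLA."""
    sla = parse_sla(sla_text)
    return None if sla is None else opened + sla

def violations(vulns, slas, now):
    """IDs of open vulnerabilities whose time open exceeds the SLA for their risk."""
    hits = []
    for v in vulns:
        deadline = sla_deadline(v["opened"], slas.get(v["risk"], ""))
        if deadline is not None and now > deadline:
            hits.append(v["id"])
    return hits

# Constructed sample data: risk levels 1-5 are hypothetical labels.
UTC = timezone.utc
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=UTC)
SLAS = {5: "1d", 4: "1d 20h 40m", 3: "7d", 2: "", 1: ""}
VULNS = [
    {"id": "V-1", "risk": 4, "opened": datetime(2024, 1, 8, 15, 0, tzinfo=UTC)},
    {"id": "V-2", "risk": 4, "opened": datetime(2024, 1, 8, 16, 0, tzinfo=UTC)},
    {"id": "V-3", "risk": 2, "opened": datetime(2023, 12, 1, 9, 0, tzinfo=UTC)},
    {"id": "V-4", "risk": 5, "opened": datetime(2024, 1, 9, 11, 0, tzinfo=UTC)},
]

if __name__ == "__main__":
    for v in VULNS:
        print(v["id"], sla_deadline(v["opened"], SLAS[v["risk"]]))
    print("violated:", violations(VULNS, SLAS, NOW))
```

V-3 has been open the longest but is never reported, because its risk level has no SLA set.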
Viewing Vulnerabilities with an SLA Violation
After SLAs have been set, violations can be viewed in several ways. Using the “SLA Violated” filter on the vulnerabilities homepage allows users to view all vulnerabilities currently violating their associated SLA.
The page for a given vulnerability displays the date when that vulnerability would violate its SLA on the top left.
Open SLA violations can also be viewed in the findings section of a report, where they are displayed beside the risk and identified with “SLA violation”.
Examples of how it can help your team
SLAs can help improve your team’s vulnerability management. They enable better prioritization of remediation through goal setting. SLAs allow teams to make visible and transparent commitments to their organization in relation to vulnerability remediation.