Skip to main content

Remediation Owner Dashboard

This article details the Remediation owner dashboard, designed to provide remediation owners with a comprehensive overview of all the assets, findings, or tickets that they are responsible for remediating. The dashboard is composed of three main panels — Act, Monitor, and Comply - each offering insights for proactive measures and policy compliance to streamline and optimize the remediation process.

To access the Remediation Owner dashboard, navigate to Dashboard > Remediation owner.

info

To see any data in the remediation owner dashboard, you either must be associated with the finding or asset through the remediation owner cluster and have either the Risk analyst or Remediation owner role assigned to you. Access granted with the informed user cluster does not qualify for inclusion in this dashboard. Additionally, the data in the dashboard is updated following each successful completion of the data orchestration process.

Act panel

The Act panel highlights the most critical items that require immediate attention. This panel offers a comprehensive view of open and new findings, with an emphasis on those that are past due or nearing their service-level agreement (SLA) deadlines. Additionally, it includes requests and tickets related to the remediation owner, ensuring visibility into findings for which they are responsible. The following screenshot illustrates what your act panel may look like:

Remediation owner dashboard Act panel

Key features

The Act panel includes the following sections:

Findings: This section of the Act panel organizes findings assigned to the remediation owner, displaying open items, those requiring urgent action due to SLA deadlines, and findings due both in the immediate week and the upcoming month.

The Findings section contains a My new findings table that displays all new findings discovered in the last 7 days that the remediation owner is responsible for addressing:

Table 1: My new findings table

ColumnDescription
TypeThe type of the finding, indicating the specific nature or category of the security issue identified. This can range from issues related to web application security to concerns about error handling. These types help in categorizing the findings to better understand the area of vulnerability or non-compliance.
TargetsThe application, container, site, or subdomain that the finding is impacting.
Risk scoreThe risk score of the finding on a scale of 0-10.
Compliance statusThe compliance status of the finding. Compliance statuses include Met SLA, Out of SLA, or Within SLA.
First foundThe date on which the finding was first discovered.

The Findings section also contains a My requests table that displays requests related to findings that the remediation owner is responsible for addressing:

Table 2: My requests table

ColumnDescription
StatusThe status of the request. Statuses include active, false positive, fixed, reopened, risk accepted, or risk temporarily accepted.
NameThe name of the request. You can click the name to view the details of the request.
TypeThe type of request. Types include exception requests, false positive requests, or risk acceptance requests.
ReviewerThe name of the individual responsible for reviewing and acting on the request.
Date CreatedThe date on which the request was created.

Tickets: This section of the Act panel showcases tickets that contain findings for which the remediation owner is responsible. It highlights open tickets, especially those urgently requiring attention. Additionally, the panel displays tickets due in the next 7 days and in the upcoming month, with these due dates representing the last time the data supporting the visualizations were updated, which may differ from today's date.

The Tickets section also contains a My new tickets table that displays tickets containing findings the remediation owner needs to address, regardless of whether the tickets are directly assigned to them:

Table 3: My new tickets table

ColumnDescription
StatusThe current status of the ticket. Statuses include backlog, closed, in progress, open, or to-do.
NameThe name of the ticket.
External UIDsThe identifier for the ticket in an external system, such as a Jira ticket ID, visible when the ticket is pushed to an external system.
ProgressThe proportion of findings within the ticket that have been addressed, determining the ticket's progress towards resolution. The progress is measured on a scale from 0-100 and is illustrated on a linear gauge.
Risk scoreThe risk score associated with the ticket.
Compliance statusThe compliance status of the ticket in relation to compliance requirements and standards. Compliance statuses include Met SLA, Out of SLA, or Within SLA.
Date createdThe date on which the ticket was initially created.
Date closedThe date on which the ticket was resolved or closed.
Due dateThe deadline for the ticket to be addressed or resolved.

Monitor panel

The Monitor panel is designed as an informational tool for remediation owners to track and understand their responsibilities and activities over time. This panel provides a broad view to observe trends and changes in your assigned assets, findings, tickets, and requests. The following screenshot illustrates what your monitor panel may look like:

Remediation owner dashboard Monitor panel

Key features

The Monitor panel includes the following sections:

  • Assets: This section of the Monitor panel organizes the assets that the remediation owner has visibility into, including assets that may not have current findings. It displays the total assets by status (active or inactive), active assets by risk rating (low, medium, high, or critical), and active assets by technology type, such as laptops, servers, phones, or tablets.

  • Findings: This section of the Monitor panel organizes findings assigned to the remediation owner by various criteria. It categorizes findings based on severity levels and SLA deadlines, and tracks findings first seen or resolved in the last 30 days. It also presents a comparative view of open and closed findings over time, as well as a breakdown of open findings by their types.

    info

    The types of findings are the data models that extend Finding. These types include alerts, dynamic code findings, manual findings, open source findings, pentest findings, static code findings, violations, and vulnerabilities.

  • Tickets: This section of the Monitor panel provides a comprehensive view of tickets related to the findings the remediation owner is responsible for addressing. It encompasses a range of metrics to effectively track and monitor tickets, including:

    • Ticket by status category: Displays the current status of the tickets, categorizing them as either open or closed, giving a quick snapshot of ongoing versus completed tasks.

    • Open tickets by compliance status: Highlights open tickets containing findings assigned to the remediation owner, specifically focusing on their compliance status, such as Within SLA or Met SLA. This can help remediation owners adhere to their organization's established service-level agreements.

    • Open tickets by type: Categorizes ticket counts by types, such as vulnerability tickets, violation tickets, or pentest tickets. This breakdown can help remediation owners understand the nature and variety of issues being managed.

  • Requests: This section of the Monitor panel organizes the requests containing findings assigned to the remediation owner and their related findings. Key features of this section include:

    • Requests by status: Tracks requests by their current status over time, helping remediation owners visualize and identify trends or spikes in request activities.

    • Findings with approved request status by risk rating: Displays a count of findings in approved requests, segmented by their risk ratings. This information can help remediation owners understand the volume and severity of findings affected by approvals.

    • Open findings by request status: Presents a count of open findings over time that are currently associated with requests, categorized by the status of these requests, such as Approved, Expired, In Review, New, or Rejected. This can help the remediation owner gauge the pending requests and their implications on open findings.

Comply panel

The Comply panel provides remediation owners with insights into their performance in adhering to SLA deadlines and the nature of their assigned findings that could be causing issues in meeting those deadlines. The following screenshot illustrates what your comply panel may look like:

Remediation owner dashboard Comply panel

Key features

Key features of this section include:

  • My open findings out of SLA: Highlights all open findings that have not met their SLA deadlines.

  • My critical open findings out of SLA: Focuses on critical findings that are out of SLA. This allows remediation owners to identify and prioritize the most severe issues that require immediate attention.

  • My closed findings that met SLA: Displays the findings that were successfully closed within their SLA timelines, offering insights into the effectiveness and efficiency of the remediation process.

  • My out of SLA Findings by type: Categorizes all findings that are out of SLA by their specific type, enabling remediation owners to understand the potentially common types of delayed findings.

  • My critical out of SLA Findings by type: Categorizes critical findings that are out of SLA by type, helping remediation owners prioritize areas that may require immediate action.

This section also includes a table that provides an overview of the different default SLA levels for findings and tickets, along with the allotted days for fixing issues corresponding to each level:

Table 4: SLA levels

ColumnDescription
SLA definitionThe name of the SLA definition.
NameThe service level defined by the SLA. While default levels such as L1, L2, L3, and L4 are provided as examples, you can configure these levels according to the needs of your organization.
Calendar policyThe days in which the SLA is measured, either Consecutive days or Business days. Business days include Monday through Friday.
Time lengthThe amount of time, in days, before the findings or tickets are considered out of SLA.
Time unitThe time unit for the service level.