Skip to main content

SLA Management

SLA Management lets you put remediation deadlines on your findings and hold your team to them. You define how quickly vulnerabilities of each severity must be acknowledged and fixed, the platform stamps a due date on every matching finding, and it watches the clock for you — flagging anything that's running late or already overdue, and notifying the right people automatically.

What it does

  • Defines remediation timelines by severity — set how many hours (or days) a finding has for each stage of its life: initial response, acknowledgment, resolution, and verification.
  • Targets the right findings — each policy matches on conditions like severity, environment (for example, production), and asset criticality, so a critical production issue can carry a far tighter deadline than a low-severity one in a test environment.
  • Tracks due dates automatically — when a finding is ingested, the platform applies the best-matching policy and calculates its SLA due date. No manual tagging required.
  • Detects breaches continuously — the platform checks open findings against their deadlines in the background and marks anything past due as breached.
  • Escalates and notifies — when a finding breaches (or is approaching its deadline), the platform raises a notification and runs any escalation rules you've configured, so nothing quietly slips.

:::note How policies are chosen A finding is only governed by one policy at a time. If more than one policy's conditions match, the platform applies the policy with the highest priority (a higher priority number wins). This lets a specific rule — say, "critical + production" — override a broader catch-all. :::

How to use it

1. Open SLA Management

Go to Vulnerability Management → SLA Management. You'll find three areas:

  • Policies — the list of SLA policies governing your findings.
  • Create Policy — a form for defining a new policy.
  • Breach Dashboard — the findings that are currently overdue.

2. Start with the default policies

The fastest way to get going is to create the built-in starter policies in one click. These cover common production scenarios:

PolicyResolution deadline
Critical – Production24 hours
High – Production7 days
Medium – Production30 days

Use Create Default Policies to add all three at once, then tune them to match your own commitments.

3. Create or tune a policy

To define your own policy, open Create Policy and set:

  • Name and Description — what the policy covers, in plain terms.
  • Conditions — which findings it applies to (for example, severity = Critical and environment = production).
  • Timeline — the deadlines for each stage, expressed in hours:
    • Response — time to begin initial triage after a finding is detected.
    • Acknowledgment — time for the assigned owner to acknowledge the finding.
    • Resolution — time to get the finding fixed.
    • Verification — time to confirm the fix and close the finding out.
  • Default owner — who the finding is assigned to if no owner is set.
  • Escalation rules — what happens as a deadline approaches or is missed.
  • Priority — used to break ties when several policies match the same finding (higher wins).
  • Active — turn the policy on or off without deleting it.

Existing policies can be edited or removed from the Policies list at any time. Changes apply to findings as they're evaluated going forward.

4. Track due dates and breaches

Once policies are in place, the platform does the watching for you:

  • Every open finding carries an SLA due date based on its matching policy.
  • The platform re-checks open findings against their deadlines automatically in the background, so the breach view stays current without any action from you.
  • The Breach Dashboard lists every finding that's currently past its SLA, so you can see what needs attention right now.
  • Need an on-demand answer? Use Check Breaches to run a fresh scan immediately and update the breach counts.

5. Respond to breaches and warnings

When a deadline is missed — or is about to be — the platform acts:

  • It raises a notification through your configured channels (such as email or Slack).
  • It runs the policy's escalation rules so the issue is routed to the right people.
  • The Breach Dashboard and your security dashboards update in real time.

To clear a breach, move the finding through to resolved (and then verified) before its deadline — once a finding is resolved in time, it's counted as having met its SLA.

:::tip Keep deadlines realistic Set timelines you can actually hit. SLAs are most useful when a breach genuinely means "this needs attention now" — not when everything is perpetually overdue. Start with the defaults, watch the Breach Dashboard for a couple of weeks, and adjust. :::

:::note Permissions Viewing policies and breaches requires the vulnerability view permission. Creating, editing, or deleting policies — and running an on-demand breach check — requires the vulnerability management permission. Roles are managed in Team Management. :::