Working with SLAs

The SLA Progress: Vulnerability Age widget helps organizations manage Service Level Agreements (SLAs) by providing a vulnerability view organized by Vulnerability Priority Rating (VPR) Score and vulnerability age. Users can customize both the date and how the severity is calculated by selecting SLA from Tenable Vulnerability Management by navigating to the Settings → General → Service-Level Agreement (SLA) page.

The vulnerabilities that do not meet SLAs are calculated using a date filter for within the last X days. The vulnerabilities that meet SLAs use a date filter for older than X days. When default SLA settings are used, the Critical row displays vulnerabilities with a VPR score greater than 9.0. The High row displays those with VPR between 7.0-8.9, the Medium row displays VPR between 4.0-6.9, and the Low row displays VPR between 0-3.9.

Drilling Down

Clicking a cell in the widget shown above provides greater details about the vulnerabilities in the category, as shown in the following image:

The Conditions field (1) displays the filter used for this search. Clicking on the Plugin name (2) provides an overview of the particular plugin, in the example shown above, the plugin was Ubuntu 16.04 LTS: linux vulnerabilities (USN-2965-1). Clicking the See all Details button (3) provides even greater details about the affected asset and additional vulnerability information, as shown in the following image:

From this view, additional actions can be taken regarding the affected asset.