Hi Community, first time post.
I have a question around the use of an SLA tracker within Goals&SLA’s which I cannot find a defined answer to, and hoping for your input.
So I have an SLA tracker, which should display the % of vulnerability instances remediated within a period of time.
The conditions of the tracker are as follows:
Remediate 100% of vulnerabilities where vulnerability.cvssScore >= 9 && vulnerability.exploits.size > 0 within 2 days of discovery.
My question is, with this scope and conditions set - if there is 10 instances of a particular vulnerability (lets call it CVE-12345) being tracked in our tracker. and we remediate 9 instances of CVE-12345 but not the 10th (so not remediating 100% of vulnerability) within the 2 day period, does this contribute to the overall percentage of remediations?
Secondly and equally as importantly, if we remediate 9 out of 10 instances, but fail to do so within the 2 day scope, is there any movement in the graph? or does this simply not meet the set scope and conditions and therefore is not included in this targets’ progress?
Thanks