Hello,
A question that has recently come up relating to SLA compliance/reporting is whether there is any way to tell if a vulnerability instance was remediated after it’s due date relative to the configured SLA. For example, let’s say we have an SLA to remediate all critical vulnerabilities within 7 days but an analyst is only viewing metrics on SLAs monthly. There could be a situation where a vulnerability instance was remediated past it’s due date (and was therefore noncompliant with our SLA) but we still want to know if the remediation occurred within the desired timeframe. Would this remediated vulnerability show up in the Past Due column or will it show up in the Remediated column of the SLA overview?
I have attempted to look at documentation but didn’t find an answer.
Thanks