I’m looking to build a burndown chart to show the date when a vulnerability is identified then remediated per asset. I’m able to achieve this by using the following tables:
The issue I’m encountering is
fact_asset_vulnerability_finding_date in our system is 50 million rows as of writing. The
fact_asset_vulnerability_finding table only shows active vulnerabilities, not remediated ones. To provide a view with the asset_id, vulnerability_id, identified date, and remediated date is extremely taxing for even a single resource.
Is there a recommendation on how to manage this? Does the date of identification exist in any other table for remediated vulnerabilities?