You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Configure and manage Service Level Agreements (SLAs) for security issues
The SLA Management feature allows users to define Service Level Agreements (SLAs) for security issues based on their urgency levels. It helps ensure that issues are addressed within specified timeframes and provides notifications when SLAs are not met.
Who it's For
This feature is primarily designed for project managers, security teams, and developers who need to manage and prioritize security issues effectively.
Key Features and Benefits
- Define SLAs with customizable remediation and escalation timeframes for different urgency levels (e.g., Critical, High, Medium, Low)
- Receive notifications (email or Slack) when issues are approaching or exceeding their SLA deadlines
- Track issue aging and SLA compliance through a dedicated reporting page
- Improve accountability and response times for addressing security vulnerabilities
- Enhance collaboration and communication between teams by aligning on SLA expectations
How to Access
The SLA Management feature is accessible through the "Policies" section of the application. Users with the appropriate permissions can navigate to the "SLA Management" page to configure and manage SLAs.
Setup Instructions
Log in to the application and navigate to the "Policies" section
Click on the "SLA Management" tab or link
Click the "Create Issue SLA" button to set up a new SLA
In the SLA creation modal, select the desired urgency levels (e.g., Critical, High, Medium, Low) by checking the corresponding checkboxes
Set the remediation and escalation timeframes (in days) for the selected urgency levels
Choose the notification method(s) by checking the "Email" and/or "Slack Integration" options. If selecting Slack, choose the desired integration from the dropdown.
Make sure you have configured your Slack integrations in the Integrations section before enabling Slack notifications. See the [Slack Integration Guide](slack) for setup instructions.
Click "Save SLA" to finalize the SLA configuration
Usage Guide
Viewing and Managing SLAs
- On the "SLA Management" page, you can view a list of all defined SLAs for your company
- Use the provided actions (edit, delete) to manage existing SLAs
Issue Tracking and Notifications
- When a new security issue is created, it will be automatically associated with the appropriate SLA based on its urgency level
- As the issue approaches its remediation and escalation deadlines, notifications will be sent to the configured recipients (assigned user or project owners)
- The issue's status will be updated to reflect its SLA compliance (overdue or escalated)
- SLA notifications are sent once a day, checking for any issues that have passed their remediation or escalation deadlines
Reporting and Analytics
- Access the dedicated "Issue Aging" reporting page for a comprehensive overview
- Filter and sort issues based on various criteria
- Identify trends and patterns to improve processes
Examples
Setting up an SLA for Critical Issues
Create a new SLA and check the "Critical" urgency level
Set the remediation timeframe to 2 days and the escalation timeframe to 3 days
Check the "Email" option and select a Slack integration (if available)
Tracking SLA Compliance
On the "Issue Aging" reporting page, filter the issues by the desired project
Review the list of issues, their urgency levels, and their SLA status (overdue or escalated)
Identify any overdue or escalated issues and prioritize their resolution based on the defined SLAs
Best Practices
- Regularly review and update SLAs to align with changing business priorities
- Involve relevant stakeholders in defining SLA timeframes
- Leverage reporting capabilities to identify areas for improvement
- Integrate with existing issue tracking and project management tools
Troubleshooting
- If you encounter issues while creating or editing SLAs, ensure that you have the necessary permissions and try refreshing the page
- If notifications are not being received, verify the configured notification methods and check for delivery failures
- If the issue aging or SLA compliance data appears inaccurate, try refreshing the reporting page or contact support
