The SLA Management feature allows users to define Service Level Agreements (SLAs) for security issues based on their urgency levels. It helps ensure that issues are addressed within specified timeframes and provides notifications when SLAs are not met.

Who it’s For

This feature is primarily designed for project managers, security teams, and developers who need to manage and prioritize security issues effectively.

Key Features and Benefits

  • Define SLAs with customizable remediation and escalation timeframes for different urgency levels (e.g., Critical, High, Medium, Low)
  • Receive notifications (email or Slack) when issues are approaching or exceeding their SLA deadlines
  • Track issue aging and SLA compliance through a dedicated reporting page
  • Improve accountability and response times for addressing security vulnerabilities
  • Enhance collaboration and communication between teams by aligning on SLA expectations

How to Access

The SLA Management feature is accessible through the “Policies” section of the application. Users with the appropriate permissions can navigate to the “SLA Management” page to configure and manage SLAs.

Setup Instructions

1

Navigate to Policies

Log in to the application and navigate to the “Policies” section
2

Access SLA Management

Click on the “SLA Management” tab or link
3

Create New SLA

Click the “Create Issue SLA” button to set up a new SLA
4

Configure Urgency Levels

In the SLA creation modal, select the desired urgency levels (e.g., Critical, High, Medium, Low) by checking the corresponding checkboxes
5

Set Timeframes

Set the remediation and escalation timeframes (in days) for the selected urgency levels
6

Configure Notifications

Choose the notification method(s) by checking the “Email” and/or “Slack Integration” options. If selecting Slack, choose the desired integration from the dropdown.
Make sure you have configured your Slack integrations in the Integrations section before enabling Slack notifications. See the Slack Integration Guide for setup instructions.
7

Save Configuration

Click “Save SLA” to finalize the SLA configuration

Usage Guide

Viewing and Managing SLAs

  • On the “SLA Management” page, you can view a list of all defined SLAs for your company
  • Use the provided actions (edit, delete) to manage existing SLAs

Issue Tracking and Notifications

  • When a new security issue is created, it will be automatically associated with the appropriate SLA based on its urgency level
  • As the issue approaches its remediation and escalation deadlines, notifications will be sent to the configured recipients (assigned user or project owners)
  • The issue’s status will be updated to reflect its SLA compliance (overdue or escalated)
  • SLA notifications are sent once a day, checking for any issues that have passed their remediation or escalation deadlines

Reporting and Analytics

  • Access the dedicated “Issue Aging” reporting page for a comprehensive overview
  • Filter and sort issues based on various criteria
  • Identify trends and patterns to improve processes

Examples

Setting up an SLA for Critical Issues

1

Create SLA

Create a new SLA and check the “Critical” urgency level
2

Set Timeframes

Set the remediation timeframe to 2 days and the escalation timeframe to 3 days
3

Configure Notifications

Check the “Email” option and select a Slack integration (if available)

Tracking SLA Compliance

1

Access Reports

On the “Issue Aging” reporting page, filter the issues by the desired project
2

Review Issues

Review the list of issues, their urgency levels, and their SLA status (overdue or escalated)
3

Prioritize

Identify any overdue or escalated issues and prioritize their resolution based on the defined SLAs

Best Practices

  • Regularly review and update SLAs to align with changing business priorities
  • Involve relevant stakeholders in defining SLA timeframes
  • Leverage reporting capabilities to identify areas for improvement
  • Integrate with existing issue tracking and project management tools

Troubleshooting

  • If you encounter issues while creating or editing SLAs, ensure that you have the necessary permissions and try refreshing the page
  • If notifications are not being received, verify the configured notification methods and check for delivery failures
  • If the issue aging or SLA compliance data appears inaccurate, try refreshing the reporting page or contact support