Configuring remediation target rules

  • Release version: Yokohama
  • Updated July 31, 2025
  • 6 minutes to read

    • By configuring remediation target rules, you can set the expected time frame for addressing findings, similar to how service level agreements (SLAs) set deadlines for fixing vulnerabilities.

    The base system ships with three remediation target rules that are applicable only for application vulnerable items:
    • Critical Risk Rating Rule: A remediation target with a 1-Critical risk rating, a remediation target of 15 days, and a reminder of 7 days before the target date.
    • Less Critical Risk Rating Rule: A remediation target with either a 2-High or 3-Medium risk rating a remediation target of 30 days, and a reminder of 7 days before the target date.
    • Medium-High RIsk Rating Rule: A remediation target with a 4-Low risk rating a remediation target of 45 days, and a reminder of 7 days before the target date.
    These rules are inactive by default. If you choose to edit one, rather than create a new one, remember to check the Active box before saving.

    Create or edit remediation target rules

    Create remediation target rules to ensure the timely remediation of high-risk vulnerabilities by setting up a remediation target rule at the findings level.

    Before you begin

    Role required: See Access control lists (ACLs) for administration rules

    Procedure

    1. Navigate to Workspaces > Security Exposure Management Workspace.
    2. Select Administration in the navigation pane.
    3. Select Review on the Remediation target rules tile.
    4. On the Rules page, select Remediation target in the navigation pane.
    5. Select New.
    6. On the remediation target rule form, enter the required details.
      For a full description of each field, see Remediation target rule fields.
    7. Select Save.

      This rule goes into effect during the next run of the scheduled job, Evaluate remediation targets or when using the Reapply button on the Remediation target rules list view. The same is true when an existing rule is updated.

    Recalculate a remediation target date

    The remediation target (RT) date defines when a finding must be remediated. Recalculation verifies that RT dates stay accurate and reflect the latest risk rating updates. When a finding’s risk rating changes, the system can recalculate RT dates using the most recent update date, helping maintain accurate SLAs and avoid outdated or overdue target dates.

    Before you begin

    Note:
    By default, recalculation applies only to findings that aren’t overdue. To include overdue findings in the recalculation, enable the sn_sec_cmn.evaluate_targetmissed_records system property.

    Role required: admin

    About this task

    Procedure

    1. Navigate to Security Exposure Management > Administration > Remediation Target Rules.
    2. Open an existing rule to make updates.

      If you need to create a new rule, select New.

      For instructions, see Create or edit a Vulnerability Response remediation target rule.
    3. Choose how the system should recalculate the remediation target (RT) date when the risk rating changes.
      • In Workspace, this option appears in the Recalculate target date section
      • In Classic view, use the Target recalculation method field.
      ChoiceDescription
      Default calculation Retains the existing RT date. The recalculated date isn’t applied.
      Recalculate from risk change date Updates the Remediation Target date to: Field change time + Target (days) based on the new risk rating.
      Recalculate from risk change date and always set to earliest target date Compares the existing RT date with Field change time + Target (days) and applies the earlier date.
      Recalculate from risk change date and set to earliest target date only when risk rating increases If the risk increases: Compares the existing RT date and the recalculated RT date and applies the earliest date.

      If the risk decreases: Applies Field change time + Target (days) without comparison.
    4. Select Save.

    What to do next

    For more information on remediation target rules, see:

    Examples of recalculating a remediation target date

    The following examples show how the system recalculates the remediation target date based on different rule selections and risk rating changes.

    Note:
    By default, SLAs define the remediation window for each risk level:
    • Low risk: 30 days
    • Medium risk: 15 days
    • High risk: 10 days
    Target from (date) Field change time Initial risk (Target (days)) → New risk (Target (days)) Existing RT date Recalculated RT date What happens
    Default calculation
    Feb 1 Feb 10 Medium (15 days) → High (10 days) Feb 16 (retained) Feb 20 The recalculated RT date isn’t applied. The system keeps the original RT date:

    Target from (date) + Target (days) → Feb 1 + 15 = Feb 16.
    Recalculate from risk change date
    Feb 1 Feb 10 Medium (15 days) → High (10 days) Feb 16 Feb 20 (applied) Uses the recalculation formula: Field change time + Target (days) → Feb 10 + 10 = Feb 20.
    Recalculate from risk change date and always set to earliest target date
    Feb 1 Feb 10 Medium (15 days) → Low (30 days) Feb 16 (applied) Mar 12 Compares the existing RT date (Feb 16) with the recalculated date (Feb 10 + 30 = Mar 12) and selects the earliest date → Feb 16.
    Recalculate from risk change date and set to earliest target date only when risk rating increases
    Feb 1 Feb 10 Low (30 days) → High (10 days) Mar 3 Feb 20 (applied) Because the risk increased, the system compares the existing RT date (Mar 3) with the recalculated date (Feb 20) and applies the earlier date → Feb 20.
    Feb 1 Feb 10 High (10 days) → Low (30 days) Feb 11 Mar 12 (applied) Because the risk decreased, no comparison is performed. The system sets RT date to: Field change time + Target (days) → Feb 10 + 30 = Mar 12.

    Re-evaluate the remediation properties of the records in the Security Exposure Management Workspace

    Evaluate the assignments, remediation target date, remediation tasks, exceptions, and risk score for a set of records (VITs, AVITs, CVITs or TRs) in the Security Exposure Management Workspace.

    Before you begin

    Role required:
    • sn_vul.vulnerability_analyst, or sn_vul.vulnerability_admin for host vulnerable items (VITs)
    • sn_vul.app_sec_manager for application vulnerable items (AVITs)
    • sn_vul_container.vulnerability_analyst or sn_vul_container.vulnerability_admin for container vulnerable items (CVITs)
    • sn_vulc.admin for configuration test results (CTRs)

    About this task

    Previously, applying rules to all records was necessary to obtain the latest assignments, remediation target dates, risk scores, and remediation tasks, which was time-consuming. Now, you can selectively evaluate and update these properties for specific records, reducing processing time. This update also allows for refining the remediation process based on the updated properties. Furthermore, evaluating exception rules for selected records is now possible, streamlining the process.

    Procedure

    1. Navigate to Workspaces > Security Exposure Management Workspace.
    2. On the List page, open the Active or All list in one of the following lists:
      • Host Vulnerable Items
      • Application Vulnerable Items
      • Container Vulnerable Items
      • Configuration Test Results
    3. Optional: Select the check box of the desired records to updated only the selected records by selecting the Selected items option in the modal.
    4. Select the Re-evaluate button.
    5. In the Re-evaluate update remediation properties modal, select the properties that you want to update for the selected records.
      FieldDescription
      Record selection
      • Selected items: Updates the selected records only.
      • All items: Updates all the records in the list.
      Assignments Updates the assignments in the Assignment Group field according to the latest Assignment Rules.
      Risk score Updates the risk score in the Risk score field as per the latest Risk Score Rules.
      Remediation tasks Updates the remediation tasks according to the latest Remediation task rules.
      Exceptions Updates the deferral status of the records according to the latest Exception rules.

      For more information on how the deferral status of the records is updated, see Re-evaluating the exceptions for selected records in the Security Exposure Management Workspace.
      Remediation target date Updates the Remediation target date according to the latest Remediation Target Rules.
      Note:
      When you select a property, its dependent properties are selected automatically.
    6. Select Apply.

    Result

    The properties are updated for the selected records. You can check the Work notes of the records for the previous and latest values of the updated remediation properties.