Why would you want to edit risks manually?
A scenario to consider
Vulcan’s risk algorithm intelligently incorporates different contextual attributes to produce a dynamic risk score for each vulnerability instance in your environment.
However, some assets or vulnerabilities exist under special circumstances that require you to set their risk score manually. For example, a vulnerability that would otherwise pose a Critical risk could be manually lowered to Low if the asset it affects has a compensating control, such as a firewall, that mitigates the vulnerability.
Manually editing risk
To manually edit a risk on a vulnerability instance:
Navigate to the vulnerability in question.
Click the Assets tab.
Select the affected assets you want to change the risk for.
Click Edit risk for X assets.
In the Edit Risk popup, enter the risk score you want to apply to the affected assets.
Optionally, you may add a comment detailing why you made the change.
Click Save.
You've manually edited risk!
Reverting manual edits
At any point, you may choose to revert any manual edits you made. When a vulnerability affects assets for which the risk score has been edited, the Revert X edits button appears.
Clicking the button reverts all the changes in the current view to their original, calculated risk.
Notes
Changes might take a few minutes to be reflected system-wide.
Changing the risk score will affect SLAs. It might cause a breaching vulnerability to become compliant or vice versa.
By default, all user roles can edit risk scores. If you want to restrict this functionality, see Role Based Access Control.