Why would you want to edit risks manually?
A scenario to consider
Vulcan Cyber ExposureOS risk algorithm intelligently incorporates different contextual attributes to produce a dynamic risk score for each finding (instance) in your environment.
However, sometimes assets or vulnerabilities might occur under specific circumstances, requiring you to determine their risk score manually. A vulnerability that would otherwise pose a Critical risk could be manually brought down to a Low if the asset it affects has a compensating control, such as a firewall that would mitigate the vulnerability.
Editing risk manually
To manually edit a risk on a finding (instance):
Navigate to the vulnerability in question.
Click the Assets tab.
Select the affected assets you want to change the risk for.
Click Edit risk for X assets.
In the Edit Risk popup, enter the risk score you want to apply to the affected assets.
Optionally, you may add a comment detailing why you made the change.
Click Save.
You've manually edited risk!
Reverting manual edits
You may revert any manual edits you made at any point. When a vulnerability affects assets for which the risk score has been edited, the Revet X edits buttons appear.
Clicking the button reverts all the changes in the current view to their original, calculated risk.
Notes
Changes might take a few minutes to be reflected system-wide.
Changing the risk score will affect SLAs. It might cause an SLA-Exceeding vulnerability to become compliant or vice-versa.
By default, all user roles can edit risk scores. If you want to restrict this functionality, see Role-Based Access Control.
Read Next: