The SLA Tracking report provides visibility into the overall status and progress of SLA across the organization and per Business Group. The SLA Tracking report is entirely based on the defined SLA policies. SLA Policies let you establish clear and measurable guidelines to monitor and measure vulnerability remediation across the organization. SLA policies are like a target or a deadline within which your team is expected to respond and resolve vulnerabilities. Once you define your SLA, you can start gaining valuable insight from the SLA Tracking report and re-assess your remediation efforts. Note that the report only counts assets with defined SLA (SLA days value is set to > 0).

Use the Filters pane on the right to focus your report, click on a specific data element to filter the entire report or to access more data, and hover over a widget for more actions and info.

First, ensure you cover the Reports (Analytics) Filters and Data Drilling to learn about the expected behavior of the trends and the presented data.

The SLA KPIs are the first and main widgets you encounter when entering the SLA Tracking report.

What does each KPI represent?

Count of findings (instances) *approaching the SLA due date (~20% to due date), distributed by Risk Level. Strive to have a significantly low or no count for Critical and High risk levels.

* “approaching“ = 20% of the SLA set under SLA Policies.

The percentage of assets that are compliant with the SLA policy over time. Higher is better. You can use the data-drilling buttons to dig deeper into the data.

Percentage of assets that are compliant with their EOL over time.

Count of findings (instances) exceeding the assigned SLA policy (weren't remediated within the SLA timeframe), distributed by Risk Level over time. Data-drill-down buttons allow deeper views into the data. Downward graphs on all risk trends are ideal, particularly for High and Critical risk levels.

Count of findings (instances) exceeding SLA by days and Risk Level. Every bar group represents a range of days and the count of findings (instances) exceeding SLA within that date range by Risk Level.

For example, the trend below shows that there are currently 200 findings (instances) in Critical Risk in a "Exceeding SLA" state for 4-10 days.

You can filter to show only a specific risk level to better understand the number of findings (instances) in an "Exceeding SLA" status, particularly in High and Critical risk levels.

Count of all SLA-compliant and SLA-exceeded findings (instances) by Business Group, stacked by Risk Level.

Count of findings (instances) that exceeded the SLA policy, by Business Group and Risk Level. Use the filtering pane to show Critical or High findings (instances).

Count of findings (instances) compliant with SLA by Business Group and Risk Level.

Dynamic detailed list of unique vulnerabilities posing a risk. The list displays only vulnerabilities in the statuses "Vulnerable" and "In Progress". Click on the vulnerability hyperlink for more details and to take remediation action. This dynamic list responds to selecting other data elements in other widgets.

Read our Reports (Analytics) FAQ and Data Validation article here.