Risk Exception Report

About the Risk Exception Report

The Risk Exception report evaluates the accepted risk posed by approved Exception Requests and Risk-Acknowledged findings (instances) from connectors. It adds business context and helps the security team operate within the risk exception and compliance policies. 

The report is mainly based on the data from:

  • The Exceptions page > Approved

  • The Vulnerabilities page > Risk Acknowledged

Use the "Filters" pane on the right to focus your report. Click on a specific data element to filter the entire report or access more data. Hover over a widget for more actions and information.

Before you dive in

First, make sure you have read Reports (Analytics) Filters and Data Drilling to learn about the expected behavior of the trends and the presented data.


KPIs

Exception Requests

Count of “Approved” exception requests in the selected period. The count on this widget might differ slightly from the count on the "Exceptions" page because of the expected difference between the Analytics sync time and the Connectors sync time. Read about "data validation" on the Vulcan Cyber ExposureOS Help Center. This KPI also shows the percentage change compared to previous periods, marked as positive (green), negative (red), or neutral (grey).

Findings (Instances) with Exception Requests

The count of findings (instances) in “Approved” Exception Requests and in connector-generated “Ignored” status. Note that an exception request usually contains more than one finding (instance). Therefore, the count here is usually larger than the number in the "Exception Requests" widget. This KPI also shows the percentage change compared to previous periods, marked as positive (green), negative (red), or neutral (grey).

Unique Vulnerabilities with Exception Requests

The count of unique vulnerabilities in “Approved” exception requests and in connector-generated “Ignored” status. Note that a unique vulnerability usually contains several findings (instances). Therefore, the count here is always larger than the count in the "Findings (Instances) with Exception Requests" widget on the left. This KPI also shows the percentage change compared to previous periods, marked as positive (green), negative (red), or neutral (grey).

Average age of Findings (Instances)

The average age in days of all findings (instances) in “Approved” Exception Requests and in connector-generated “Ignored” status. This calculation is based on the “First Seen” column of each finding (instance). To calculate the age of a finding (instance): Today’s date - “First Seen” date = Age in days.

Risk Mass of Exception Requests

The Risk Mass percentage of all findings (instances) in “Approved” Exception Requests and in connector-generated “Ignored” status out of the total Risk Mass in the organization. To view the total Risk Mass, go to Dashboard > Risk Mass.

Exploitable Findings (Instances)

The total count of findings (instances) in "Approved" Exception Requests and in connector-generated "Ignored" status that have the "Exploitable" threat tag.


Widgets and trends


Exception Request Types by Expiration Date

The count of Exception Requests in the "Approved" state, distributed by Exception Request Type for a given Expiration Date. Hover over an expiration date to view the count and types of Exception Requests that expired (or will expire) on that date. The Expiration Date is an optional field set when creating an Exception Request. Therefore, this widget counts only Exception Requests with a defined Expiration Date.

Findings (Instances) with Exception Requests by SLA

Count of findings (instances) for which Exception Requests were approved during the 1st, 2nd, or final third of the SLA timeframe. This widget helps users understand when, within the SLA policy timeframe, the exception request for a finding (instance) was approved. For example, if an exception request for a finding (instance) was created and approved during the 1st third of the SLA, a count appears next to “Beginning of SLA”. If an Exception Request was approved for a finding (instance) that had passed its SLA due date, a count appears next to “SLA Exceeded”. This widget counts only vulnerabilities that were ignored (i.e., exception approved) through the Exception Requests process.

Findings (Instances) with Exception Requests by Risk Level over time

Count of Exception Requests in “Approved” state and in connector-generated “Ignored” status by Exception Request over time. Hover over a point in time to view the Exception Requests count broken down by Type.

Exception Request Types by Creation Date

The count of Exception Requests in the “Approved” state, distributed by Exception Request Type at a given date. Hover over a point in time to view the Exception Requests count by Type.

Findings (Instances) with Exception Requests by Risk Level

Count of findings (instances) in "Approved" Exception Requests and in connector-generated “Ignored” status by Risk Level.

Risk Mass of Exception Requests by Risk Level

Risk Mass distribution of findings (instances) in "Approved" Exception Requests and in connector-generated “Ignored” status by Risk Level.

Unique Vulnerabilities with Exception Request by Asset Type

Count of unique vulnerabilities in "Approved" Exception Requests and in connector-generated “Ignored” status by Asset type.

Findings (Instances) with Exception Requests by Business Group and Risk Level

Count of findings (instances) in "Approved" Exception Requests and in connector-generated “Ignored” status by Risk Level and Business Group.

Exception Requests by Business Group

Count of “Approved” Exception Requests by associated Business Group, sorted by the highest to the lowest count.

Findings (Instances) by Exception Requests

A representation of the Exception Requests with the highest count of findings (instances).

Ignored Findings (Instances) by Source

Count of ignored findings (instances) by source: Manual (created manually by the user as part of an Exception Request), Playbook (created by automated playbooks), or Connector-generated (determined as Ignored by the connector).


Reports (Analytics) FAQ and Data Validation

Read our Reports (Analytics) FAQ and Data Validation article here.
