About the Exceptions Report
This report helps evaluate the accepted risk posed by approved Exception Requests and by Ignored/acknowledged vulnerabilities from connectors, adds business context, and helps the security team operate around the Risk Exception and Compliance policies.
The analytics in this report are based on Exception Requests in "Approved" status only. You can view the list of Exception Requests in the Approved state by going to the Exceptions page and scrolling down to the "Approved" status.
Before you dive in
First, make sure you review Analytics Filters and Data Drilling to learn about the expected behavior of the trends and the presented data.
Analytics
Exception Requests
The count of “Approved” exception requests in the selected Period. Note that the count on this widget might slightly differ from the count of “Approved” on the Exception page due to the difference in data sync times.
Vulnerability Instances with Exception Requests
The count of all vulnerability instances existing in all “Approved” Exception Requests in the selected Period. Note that an exception request usually contains more than one vulnerability instance. Therefore, the number here is usually larger than the number in the Exception Requests count widget on the left.
Unique Vulnerabilities with Exception Requests
The count of unique vulnerabilities in all “Approved” exception requests. Note that a unique vulnerability can contain several vulnerability instances. Therefore, the number here is always larger than the number in the Vulnerability Instances widget on the left.
Average age of Vulnerability Instances with Exception Requests
The average age in days of all vulnerability instances in “Approved” Exception Requests. This calculation is based on the date under the “First Seen” column of each vulnerability instance. To calculate the age of a vulnerability instance: Today’s date - “First Seen” date = Age in days.
Risk Mass of Exception Requests
The Risk Mass of all vulnerability instances in “Approved” Exception Requests, out of the total Risk Mass in the organization. To view the total Risk Mass, go to Dashboard page > Risk Mass widget.
Exploitable Vulnerability Instances in Exception Requests and in "Ignored/acknowledged"
The count of Exploitable Vulnerability Instances in both “Approved” Exception Requests and “Ignored/acknowledged” status (connector-generated). Exploitable vulnerability instances have the threat tag "Exploitable".
Exception Request Types by Expiration Date
The count of Exception Requests, assorted by Exception Request Type, on a given Expiration date. Hover over an expiration date to view the Exception Request count and types that expired (or will expire) on that date. The Expiration date is a non-mandatory option defined when creating an Exception Request.
Vulnerability Instances with Exception Requests created during SLA time frame
The count of Vulnerability Instances for which Exception Requests were approved during the 1st, 2nd, or final third of the SLA timeframe. This widget helps users understand at what point in the SLA policy timeframe an exception request for a vulnerability instance was approved. For example, if an exception request for a vulnerability instance was created and approved during the 1st third of the SLA, a count will appear next to “Beginning of SLA”. If an Exception Request was approved for a vulnerability instance that had already exceeded the SLA timeframe, a count will appear next to “Exceed SLA”. This widget counts only vulnerabilities that were Ignored/acknowledged (i.e., exception approved) through the Exception Requests process.
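The bucketing described above can be recomputed from exported data when validating the widget. The following is an added example, not the product's own logic: the field names, the two middle labels, the assumption that the SLA clock starts on the "First Seen" date, and the handling of boundary days are all assumptions, and the sample records are constructed.

```python
from collections import Counter
from datetime import date

# "Beginning of SLA" and "Exceed SLA" appear on the page; the two middle
# labels are assumed for illustration.
BEGINNING = "Beginning of SLA"
MIDDLE = "Middle of SLA (assumed label)"
END = "End of SLA (assumed label)"
EXCEEDED = "Exceed SLA"


def sla_phase(first_seen: date, approved_on: date, sla_days: int) -> str:
    """Return the third of the SLA window in which an exception was approved.

    Assumptions: the SLA clock starts on "First Seen", and a boundary day
    belongs to the earlier third.
    """
    if sla_days <= 0:
        raise ValueError("sla_days must be positive")
    elapsed = (approved_on - first_seen).days
    if elapsed < 0:
        raise ValueError("approval date is earlier than First Seen")
    if elapsed > sla_days:
        return EXCEEDED
    # Integer comparisons avoid float rounding at the third boundaries.
    if elapsed * 3 <= sla_days:
        return BEGINNING
    if elapsed * 3 <= 2 * sla_days:
        return MIDDLE
    return END


def phase_counts(instances) -> Counter:
    """Count vulnerability instances per SLA phase."""
    return Counter(
        sla_phase(i["first_seen"], i["approved_on"], i["sla_days"])
        for i in instances
    )


# Constructed sample export; field names are hypothetical.
SAMPLE = [
    {"id": "vi-1", "first_seen": date(2024, 1, 1), "approved_on": date(2024, 1, 5), "sla_days": 30},
    {"id": "vi-2", "first_seen": date(2024, 1, 1), "approved_on": date(2024, 1, 11), "sla_days": 30},
    {"id": "vi-3", "first_seen": date(2024, 1, 1), "approved_on": date(2024, 1, 16), "sla_days": 30},
    {"id": "vi-4", "first_seen": date(2024, 1, 1), "approved_on": date(2024, 1, 29), "sla_days": 30},
    {"id": "vi-5", "first_seen": date(2024, 1, 1), "approved_on": date(2024, 3, 1), "sla_days": 30},
    {"id": "vi-6", "first_seen": date(2024, 1, 1), "approved_on": date(2024, 2, 15), "sla_days": 90},
]
```

A large "Exceed SLA" count relative to the other buckets means exceptions are mostly being approved after the remediation deadline has already passed.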
Exception Request Types by date
The count of Exception Requests in “Approved” state, assorted by Exception Request Type, at a given date. Each organization defines its Exception Request Types (Settings > Exceptions > Exception Request Types). Hover over a point in time to view the Exception Requests count assorted into Types.
Vulnerability Instances with Exception Requests Assorted by Risk Level
The count of Exception Requests in “Approved” and “Ignored/acknowledged” status, assorted by Exception Request Type, at a given date. Each organization defines its Exception Request Types (Settings > Exceptions > Exception Request Types). Hover over a point in time to view the Exception Requests count assorted into Types. This widget also counts “Ignored/acknowledged” vulnerabilities.
Vulnerability Instances with Exception Requests by Risk Level
The total number of Vulnerability Instances with Exception Requests assorted by Risk Level.
Risk Mass by Risk Level in Exception Requests
Risk Mass distribution of Exception Requests assorted by Risk Level.
Unique Vulnerabilities in Exception Requests by Asset type
Count of Unique Vulnerabilities in Exception Requests assorted by Asset type.
Vulnerability Instances with Exception Requests by Business Group and Risk Level
Count of Vulnerability Instances with Exception Requests assorted by Risk Level for each Business Group.
Exception Requests by Business Groups
Count of Exception Requests assorted by associated Business Group, sorted from the highest to the lowest count.
Exception Requests by Vulnerability Instances count
A representation of the Exception Requests with the highest count of Vulnerability Instances. This trend presents the 16 Exception Requests with the highest vulnerability instance counts. If you have more Exception Requests that don’t appear here, it indicates that those exceptions contain fewer vulnerability instances than the lowest count on this trend.
Vulnerability Instances with “Ignored/acknowledged” status by Source
Count of vulnerability instances in status ‘Ignored/acknowledged’ assorted by source.
Sources: Manual (created manually by the user), Playbook (created by automated playbooks), or Connector-generated (sent directly from connectors). These vulnerability instances don’t have any exception requests associated with them.
Analytics FAQ and Data Validation
Read our Analytics FAQ and Data Validation article here.