As of December 31st, 2023 ThreadFix 2.X has reached End of Life and is no longer supported. For any further information please contact the Success and Implementation team.

Time to Remediate Policies

Owned by Daniel Colon
Last updated: Aug 31, 2022
3 min read

You will learn

How to create Time to Remediate Policies, apply them to applications, teams, or tags, and edit them as necessary.

Prerequisites

Audience: IT Professional or End User
Difficulty: Basic
Time needed: Approximately 10 minutes
Tools required: N/A

Time to remediate policies allow users to set time frames that vulnerabilities need to be remediated by, based on severity and determined by the newest scan date. To use Time to Remediate Policies, go to Customization → Policies and click on the Time to Remediate tab. 

Creating a Time to Remediate Policy

  1. To access Time to Remediate Policies, click on Customization on the navigation sidebar then click on Policies and click on the Time to Remediate Policies tab. 

  2. To create a Time to Remediate Policy, click the Create Policy button to bring up the Policy modal.

  3. In the modal, enter the name as well as the number of days allotted for a vulnerability to be remediated based on its severity (not all severities need a time frame set for them, so if no time to remediate setting is desired for a specific severity, just leave it blank). 

Applying a Time to Remediate Policy

Once a policy is created, it can be applied to any application, team, or tag from the Manage Policies page. Notification and email options are also available from the Manage Policies page.

  1. To select where you want to apply the policy, use the type ahead input fields shown below.

  2. You can also add a policy from the Team and Application Details page under the policies tab.

  3. Once a policy is applied to an application, team, or tag, the policy status will be visible on the Manage Policies page, Portfolio page, and the Application Details page.

  4. Expanding the vulnerability tree will show more detail regarding the amount of time remaining or past due a vulnerability is. Within seven days of a time to remediate deadline, a warning icon will show next to the days remaining. Once past due, an error icon will be displayed, along with the days past due.

These details can also be found in the Vulnerability Details page.

Sample Email Notification

Below is a sample Time to Remediate Policy status change email notification:

Editing a Time to Remediate Policy

To edit a time to remediate policy, go to Customization → Policies and click the Time to Remediate tab. Select the policy you wish to edit and click the Edit / Delete button. This will bring up the same modal used to create the policy. Once edits to a policy are saved, the policy status for each attached application will be recalculated.

www.threadfix.it | www.coalfire.com
Copyright © 2024 Coalfire. All rights reserved.

This Information Security Policy is CoalFire - Public: Distribution of this material is not limited.