Risk Acceptance

You can accept the risk of detected vulnerabities and posture/compliance violations. This page collates all accepted risks and provides a management panel for each type.

Use the Risk Acceptance management page to:

  • See high priority accepted risks sorted by their acceptance date to re-accept, extend the date, add notes, or revoke acceptance
  • Re-accept an expired accepted risk because it is still relevant
  • Revoke an accepted risk to mark the policies effected by it as to remove the acceptance and re-evaluate the effected resources
  • Edit the expiration date to postpone it

Risk Acceptance for Posture

Risk Acceptance for Posture requires role permission to read or edit.

Prerequisites

Usage

  1. Log in to Sysdig Secure and select Policies > Risk Acceptance | Posture.

    • Make sure that you have the required permission: Posture, Risk Acceptance (read or edit).

    • Any compliance risks that were accepted are displayed, in order of acceptance date.

  2. Filter results by:

    • Context: Free text search on relevant terms such as the Platform, Control Name, Resource Name

    • Reason: Risk Owned, Transferred, Avoided, Mitigated, Not Relevant, Sysdig Accepted Risk, or Custom.

      Note that Sysdig Accepted Risks are autogenerated and an explanation is included in the hover-over tooltip.

    • User: View acceptances by who created them

    • Expired/Active: Note that the table can be sorted by expiration or acceptance date, ascending or descending

  3. Select an entry to open its detail drawer and:

    • Revoke an acceptance
    • Edit the Reason or Expiration details
    • Make sure that you have the required permission: Posture, Risk Acceptance - edit.

Risk Acceptance for Vulnerabilities

Prerequisites

Review Understanding Risk Acceptance for Vulnerabilities for a full overview of how this feature is used for vulnerability findings, including:

Use the Accept Risk | Vulnerabilities panel to review acceptances that are expired or close to expiry and manage them.

Usage

  1. Log in to Sysdig Secure and select Policies > Risk Acceptance | Vunerabilities.

    Any vulnerabilities that were accepted are displayed, in order of acceptance date.

  2. Filter results by:

    • Search: Free text search on relevant terms such as the image name, package name, CVE ID, etc.
    • Entity: Vulnerability, Image name, Host name
    • Reason: Risk Owned, Transferred, Avoided, Mitigated, Not Relevant, or Custom.
    • Expired/Active: Note that the table can be sorted by expiration or acceptance date, ascending or descending
  3. Select an entry to open its detail drawer and:

    • Revoke an acceptance
    • Edit the Reason or Expiration details

Note: When an acceptance expires, it no longer excludes the vulnerability from the vuln count.