Risk Acceptance

You can accept the risk of detected vulnerabilities and posture/compliance violations. This page collates all accepted risks and provides a management panel for each type.

This feature is in Technical Preview status.

Use the Risk Acceptance management page to:

  • See accepted risks sorted by their acceptance date, then re-accept them, extend the expiration date, add notes, or revoke the acceptance.
  • Re-accept an expired accepted risk that is still relevant.
  • Revoke an accepted risk to remove the acceptance from the affected policies and re-evaluate the affected resources.
  • Edit the expiration date to postpone it.

Risk Acceptance for Posture

Prerequisites

Risk Acceptance for Posture requires a role with the Posture, Risk Acceptance permission (read or edit).

Usage

  1. Log in to Sysdig Secure and select Policies > Risk Acceptance | Posture.

    Any accepted compliance risks are displayed, in order of acceptance date.

  2. Filter results by:

    • Context: Free text search on relevant terms such as the Platform, Control Name, and Resource Name. Global acceptances have the context All Resources.

    • Reason: Risk Owned, Transferred, Avoided, Mitigated, Not Relevant, Sysdig Accepted Risk, or Custom.

      Note that Sysdig Accepted Risks are autogenerated, and an explanation is included in the hover-over tooltip.

    • User: View acceptances by the user who created them.

    • Expired/Active: Show expired or active acceptances. The table can be sorted by expiration or acceptance date, ascending or descending.

  3. Select an entry to open its detail drawer and:

    • Revoke an acceptance
    • Edit the Reason or Expiration details

    Revoking or editing requires the Posture, Risk Acceptance permission with edit rights.

Risk Acceptance for Vulnerabilities

Prerequisites

Review Understanding Risk Acceptance for Vulnerabilities for a full overview of how this feature is used for vulnerability findings, including:

Use the Accept Risk | Vulnerabilities panel to review acceptances that are expired or close to expiry and manage them.

Usage

  1. Log in to Sysdig Secure and select Policies > Risk Acceptance | Vulnerabilities.

    Any vulnerabilities that were accepted are displayed, in order of acceptance date.

  2. Filter results by:

    • Search: Free text search on relevant terms such as the image name, package name, CVE ID, etc.
    • Entity: Vulnerability, Image name, or Host name.
    • Reason: Risk Owned, Transferred, Avoided, Mitigated, Not Relevant, or Custom.
    • Expired/Active: Show expired or active acceptances. The table can be sorted by expiration or acceptance date, ascending or descending.

  3. Select an entry to open its detail drawer and:

    • Revoke an acceptance
    • Edit the Reason or Expiration details

Note: When an acceptance expires, it no longer excludes the vulnerability from the vuln count.