Accepted Risk

You can accept the risk of detected vulnerabilities and posture/compliance violations. This topic describes how to use the Accepted Risk page to collate and manage accepted risks.

Use the Accepted Risk management page to:

  • See high-priority accepted risks sorted by their acceptance date to re-accept, extend the date, add notes, or revoke acceptance.
  • Re-accept an expired accepted risk because it is still relevant.
  • Revoke an accepted risk to mark the affected policies to remove the acceptance and re-evaluate the affected resources.
  • Edit the expiration date to postpone it.

Accept Risk for Posture

Prerequisites

Usage

  1. Log in to Sysdig Secure and do one of the following:

    • Select Risk > Accepted Risk.

    • Select Compliance > Accepted Risk.

    Accepted risks are displayed in order of acceptance date.

  2. Filter results by:

    • Context: Free text search on relevant terms such as the Platform, Control Name, and Resource Name. Global acceptances have the context All Resources.

    • Reason: Risk Owned, Transferred, Avoided, Mitigated, Not Relevant, Sysdig Accepted Risk, or Custom.

      Note that Sysdig Accepted Risks are autogenerated, and an explanation is included in the hover-over tooltip.

    • User: View acceptances by who created them

    • Expired/Active: Note that the table can be sorted by expiration or acceptance date, ascending or descending

  3. Select an entry to open its detail drawer and:

    • Revoke an acceptance
    • Edit the Reason or Expiration details
    • Ensure you have the required permission: Posture, Accepted Risk - edit.

Accepted Risk for Vulnerabilities

Prerequisites

Review Understanding Risk Acceptance for Vulnerabilities for a full overview of how this feature is used for vulnerability findings, including:

Use the Accept Risk > Vulnerabilities panel to review acceptances that are expired or close to expiry and manage them.

Usage

  1. Log in to Sysdig Secure.

  2. Log in to Sysdig Secure and do one of the following:

    • Select Risk > Accepted Risk > Vulnerabilities.

    • Select Vulnerabilities > Accepted Risk.

    Any vulnerabilities that were risk-accepted are displayed (in the order of acceptance date).

  3. Filter results by:

    • Search: Free text search on relevant terms such as the image name, package name, and CVE ID.
    • Entity: You can filter by Vulnerabilities, Image name, Host name, and Policy Rule.
    • Reason: Filter by Risk Avoided, Risk Owned, Risk Transferred, Risk Avoided, Risk Mitigated, Risk Not Relevant, or Custom.
    • Expired: Filter by expired Risks that were accepted. You can sort the table by expiration or acceptance date, ascending or descending.
    • Active: Shows all the active Risks that are accepted. You can sort the table by expiration or acceptance date, ascending or descending.
  4. Select an entry to open its detail panel to:

    • Revoke an acceptance
    • Edit the Reason and Expiration details of an accepted Risk.

Note: When an acceptance expires, it no longer excludes the vulnerability from the vulnerability count.