Severity Statistics Dashboard
Severity Statistic view:
The timeline of the charts can be customized to show data for the last 3 days, last week, last month, or last year, providing flexibility in analyzing different time ranges.
Select the products for which you want to see data on the chart by selecting them from the Products to Select section. You can search, filter (by product type, included or excluded tag) and include or exclude selected products from the data display by moving the Exclude Selection slider.
Current Weighted Risk Trend
Weighted Risk Trend (WRT) metric empowers organizations to measure and track the state of security in a business-oriented manner. The General WRT is calculated by combining the WRT of each product, taking into account their respective severity weights, findings count, and business criticality assessments.
Note that the General Weighted Risk Trend displays the WRT, risk appetite and severity weight values. Be sure to set the appropriate weights before viewing the graph. Otherwise, the graph may be distorted by incorrect weight values.
By regulary tracking the following global metrics, you can gain a better understanding of your security posture and make informed decisions to enhance your overall security strategy.
Severity statistics
Shows the number of verified findings grouped by severity.
Trend history
Shows the trend of verified fyndings.
Mean Time of Status Change
By monitoring the Status change mean time graph in relation to the SLA requirements, you can effectively manage and prioritize your remediation efforts, ensuring that critical vulnerabilities are promptly addressed and mitigated according to the established timelines.
Customise the view of the metric view using the Findings Status Change Time Statistics section of the Metrics Settings.
Average Vulnerability Age (AVA) calculates the average age of vulnerabilities from creation to remediation. It helps to determine how long vulnerabilities pose a potential risk.
Mean Time to Detection (MTTD) measures the average time it takes to verify vulnerabilities from the moment they are created . A shorter MTTD indicates an effective and timely vulnerability detection process.
Mean Time to Rejection (MTR) measures the average time it takes for a finding to be rejected after creation. It provides insights into the speed of handling findings that are determined to be false positives.
Mean Time to Remediation (MTTR) calculates the average time it takes to remediate vulnerabilities from the moment they are verified. A shorter MTTR indicates an efficient vulnerability resolution process.
Mean Time to Product Task Assignment (MTTAp) measures the average time it takes for a validated finding to be assigned to a developer (assignee) in the Jira product space from the time it is validated. It helps to track the speed at which results are processed after validation and the initiation of the fixing process.
Mean Time to Security Task Assignment (MTTAs) measures the average time it takes for a validated finding to be assigned to a developer (assignee) in the Jira security space from the time it is validated. It helps to track the speed at which results are processed after validation and the initiation of the fixing process.
Findings count
Customise the view of the metric view using the Findings Count Statistics section of the Metrics Settings.
Finding Discovery Rate (FDR) measures the rate at which new vulnerabilities are verified per day, either manually or automatically (through the Auto Validator). It helps you evaluate the effectiveness of your Auto Validator's rules and security team.
False Positive Rate (FPR) quantifies the rate of reported vulnerabilities that are later determined to be false positives per day manually or by Auto Validator. A lower false positive rate indicates the accuracy of your vulnerability detection tools and methodologies.
Vulnerability Remediation Rate (VRR) tracks the rate at which vulnerabilities are resolved per day, either manually or automatically (through the Auto Closer). This metric evaluates the efficiency of your vulnerability resolution process.
Last updated