Remediation Tasks

What Are Remediation Tasks?

Remediation Tasks transform individual vulnerability findings into actionable, grouped work items. Instead of managing hundreds of individual CVEs, the system automatically groups vulnerabilities by server + software combination — creating one task per affected installation.

For example, if Firefox on Server-DC01 has 47 known CVEs, you get a single remediation task: "Upgrade Firefox on Server-DC01" rather than 47 separate items to track.

Why Use Remediation Tasks?

Reduced Complexity — Hundreds of CVEs become manageable, grouped tasks
Automatic Creation — Tasks are created automatically when vulnerabilities are discovered
Cascade Resolution — Resolve one task and all linked CVEs are marked as remediated
Priority-Based SLAs — Due dates auto-calculated from severity (Critical = 7 days, High = 14 days)
Team Assignment — Assign tasks to team members with accountability and due dates
Full Audit Trail — Every status change, assignment, and note is logged
External Integration — Link tasks to your existing ticketing system (Jira, ServiceNow, etc.)

How to Access

Navigate to Security → Remediation Tasks in the main menu.

Dashboard Overview

The dashboard displays real-time metrics across all remediation tasks:

Metric	Description
Open Tasks	Combined count of open and in-progress tasks
Critical/High Priority	Urgent tasks requiring immediate attention
Exploit-Linked	Tasks with known exploits (highest risk)
Average Age	Days tasks remain open (measures remediation speed)
Auto-Resolved (30 days)	Tasks automatically closed by scan updates
Overdue	Tasks past their due date (SLA violations)
Top Affected CIs	Servers/workstations with the most open tasks

Task List

The task list shows all remediation tasks with filtering and sorting options.

Available Filters

Filter	Options
Status	Open, In Progress, Resolved, Accepted Risk, Deferred
Priority	Critical, High, Medium, Low
Severity	Based on highest CVE severity in the group
Assignee	Filter by assigned team member
Overdue	Show only overdue tasks
Search	Software name or vendor

Sorting Options

Sort by software name, priority, vulnerability count, maximum CVSS score, due date, or first detection date.

Task List Columns

Column	Description
Software	Software name and vendor
Affected CI	Server or workstation where the software is installed
Vulnerability Count	Number of CVEs in this group
Max CVSS	Highest CVSS score among the grouped CVEs
Priority	Critical, High, Medium, or Low
Status	Current workflow state
Due Date	Auto-calculated from priority
Assignee	Assigned team member

Overdue tasks are visually highlighted for quick identification.

Task Detail View

Click any task to see full details organized in two panels.

Left Panel — Details and Context

Software — Name, vendor, and version affected
Affected CI — Server or workstation name
Status — Current state with action buttons
Priority and Severity — With color-coded badges
Due Date — Auto-calculated based on priority
Source — Scan (auto-created) or Manual
First Detected — When the task was first created
Assignment — Assigned user or team
Linked Ticket — External system reference with direct link
Status Timeline — Full history of every status change with who, when, and notes

Right Panel — Vulnerabilities and Collaboration

Linked Vulnerabilities Table:

Column	Description
CVE ID	CVE identifier (linked to NVD for details)
Severity	Critical, High, Medium, or Low
CVSS Score	Numeric score with color coding
Status	Open or Remediated
First Detected	When the CVE was first associated

You can filter the vulnerability list by severity level.

Stats Cards:

Total vulnerability count
Maximum CVSS score (color-coded)
Known exploit count (highlighted in red if exploits exist)
Task age in days

Notes Section: Threaded comments for team collaboration — record findings, blockers, remediation steps, or handoff notes. Each note shows the author and timestamp.

Task Statuses and Workflow

Status	Description
Open	Task created, awaiting action
In Progress	Someone is actively working on remediation
Resolved	Remediation complete — all linked CVEs marked as remediated
Accepted Risk	Acknowledged but not fixed due to business reasons
Deferred	Postponed to a later date

Resolving a Task

When you resolve a task:

Click the Resolve button
Select the resolution method:
- Upgraded (software updated to patched version)
- Patched (hotfix or security patch applied)
- Removed (software uninstalled)
- Compensating Control (mitigating control implemented)
Add resolution notes describing what was done
Click Confirm

What happens automatically:

All linked open vulnerabilities are marked as "remediated"
The resolution timestamp is recorded
The audit trail is updated with full details
The SLA clock stops

This cascade resolution is a key efficiency feature — one action closes the task and all its associated CVEs.

How Tasks Are Created

Automatic Creation (from Discovery Scans)

When network discovery scans detect vulnerabilities:

Vulnerabilities are grouped by CI + software combination
A remediation task is created for each unique group
Priority is set based on the highest CVE severity
Due date is calculated from the priority level
For critical and high priority tasks, a security event is also created

Tasks are continuously synced as vulnerability data changes. If all vulnerabilities for a task are resolved by a subsequent scan, the task automatically closes.

Manual Creation

You can also create tasks manually for:

Known issues not yet detected by scans
Proactive remediation planning
Custom software and CI combinations

Priority and SLA Management

Task priority is automatically set based on the highest CVE severity in the group:

Severity	Priority	SLA Due Date
Critical	Critical	7 days from detection
High	High	14 days from detection
Medium	Medium	30 days from detection
Low	Low	90 days from detection

You can override the priority if business context requires a different timeline (e.g., a critical CVE on a non-production system might be downgraded).

Task Actions

Action	Description
Start Working	Move from Open to In Progress
Resolve	Complete remediation with cascade to all linked CVEs
Accept Risk	Acknowledge the risk without fixing
Defer	Postpone to a later date
Assign	Assign to a user or team with a due date
Link Ticket	Connect to an external ticketing system
Add Note	Record findings, progress, or blockers

Integration with Other Modules

Vulnerability Management

Each remediation task links directly to its associated CVEs. Resolving a task cascades the status change to all linked vulnerabilities, keeping your vulnerability dashboard accurate.

Security Events

When a critical or high priority task is created, a corresponding security event is automatically generated. This ensures security teams are notified of high-risk discoveries through their existing alert workflows.

CMDB

Tasks reference specific CIs (servers and workstations). You can view all open remediation tasks for a particular CI to understand the full remediation workload for that system.

External Ticketing

Link remediation tasks to tickets in your existing systems (Jira, ServiceNow, etc.) for change management integration. The linked ticket reference appears in the task detail view with a direct link.

Common Use Cases

Security Team Workflow

Open the remediation dashboard
Review open task count and overdue items
Identify top affected CIs
Assign critical/high tasks to infrastructure team members
Monitor progress through status changes and notes

Infrastructure Team Workflow

View assigned remediation tasks
Click a task to see which software needs patching
Review the linked CVEs to understand the risk
Apply the fix (upgrade, patch, or remove)
Resolve the task with resolution notes
All linked CVEs automatically close

Compliance Reporting

Filter tasks by status and date range
Review closure rates and average remediation time
Check overdue tasks for SLA violations
Use the audit trail for evidence of remediation actions

Best Practices

Prioritization

Focus on tasks with known exploits first (highest real-world risk)
Address critical and high priority tasks within their SLA windows
Review the "Top Affected CIs" to identify systems needing urgent attention

Workflow

Use the "In Progress" status to signal active work and prevent duplicated effort
Add notes when starting work so team members know the planned approach
Link external tickets for change management traceability

Efficiency

Use "Accept Risk" sparingly and document the business justification
Review deferred tasks monthly to reassess timing
Let auto-resolution handle tasks where scan updates clear the vulnerabilities

Active Vulnerabilities — View and manage individual vulnerability findings
CVE Database — Search the local CVE database
Security Events — Respond to security detections
Threat Intelligence — Understand threat intelligence sources

What Are Remediation Tasks?​

Why Use Remediation Tasks?​

How to Access​

Dashboard Overview​

Task List​

Available Filters​

Sorting Options​

Task List Columns​

Task Detail View​

Left Panel — Details and Context​

Right Panel — Vulnerabilities and Collaboration​

Task Statuses and Workflow​

Resolving a Task​

How Tasks Are Created​

Automatic Creation (from Discovery Scans)​

Manual Creation​

Priority and SLA Management​

Task Actions​

Integration with Other Modules​

Vulnerability Management​

Security Events​

CMDB​

External Ticketing​

Common Use Cases​

Security Team Workflow​

Infrastructure Team Workflow​

Compliance Reporting​

Best Practices​

Prioritization​

Workflow​

Efficiency​

Related Topics​