Decisions tab
Updated:2022-11-29
The Decisions tab contains a list of created decisions of how to manage and remediate a vulnerability. The decisions can be targeting specific environments (tags) or all environments.
| Header | Description |
|---|---|
| Id | The identity of the decision and a link to open the edit pop-up dialog. |
| Valid from | Start date for the decision to be valid. |
| Tags | Tags (environments) selected for this decision. If no tag: All environments. |
| Issues | Link to Issues related to this decision. |
| Environmental score | Total CVSS score if Environmental metrics are modified. |
| Vulnerable | Yes/No |
| Action | Action: Must be fixed/Will not be fixed |
| Due date | Latest date to perform "action" |
| Last update | When the decison was last updated. |
| Add Issue button | Add an Issue identity as a reference. It's created locally in MAIA but will be synchronized with the Issue in the Issue Tracker System, if it exists. |
| Delete button | Delete the decision. |
Decision pop-up dialog.
| Description | |
|---|---|
| Top boxes | Current CVSS score & New CVSS Score after modifying the Environmental metrics. |
| Scoring vector | Updated scoring vector when modifying metrics. |
| Valid from | Select the start date for activating the decision (optional). |
| Tags | Possibility to select a number of tags as a target for this decision (optional). |
| Issues | Add issue(s) as reference. Must be an Issue that already exists in MAIA. Issues may also be added later on on the index page (optional). |
| Environmental metrics | Opens an editable selection field, modifying the Environmental metrics. Described in detail here (external link). (optional). |
| Vulnerable? | Meaning: does this CVE make our software vulnerable? No: if false positive, for configuration reasons or other. Sets the CVSS Score to ZERO (0), regardless of other metrics. Yes: opens a questionnaire, see below. |
| Y|Workaround exists? | Yes/No. If Yes, a field opens to -- Specify workaround. |
| Y|Risk is accepted? | Yes/No |
| Y|Customer ... | Yes/No. If Yes, a field opens to -- Comment. |
| Y|Action | Must be fixed: Open a Due date selection field / Will not be fixed. |
| Comment | An overall comment field for this decision. |