Application Security SLA defines deadlines for fixing security issues based on severity, ensuring timely remediation and improving team performance.
Application Security SLA defines remediation timeframes for security issues based on their severity, ensuring timely fixes and improving team performance. It sets clear expectations for how quickly threats must be addressed and provides a measurable metric for tracking responsiveness, identifying bottlenecks, and strengthening overall security posture.
Application Security SLAs apply to issues detected during periodic code scans. Each severity level has an assigned remediation timeframe to support consistent issue management.
The default target remediation timeframes are:
Critical: 7 days
High: 14 days
Medium: 30 days
Low: 90 days
You can modify these values as required.
SLA status and monitoring
SLA status provides immediate risk context for prioritization of issues. The system automatically calculates and updates each issue’s SLA status based on periodic scans and the configured timeframes.
There are three SLA status values:
On Track: The issue is within its assigned remediation timeframe and not yet close to the deadline
Approaching: The issue's deadline falls within a configurable number of days (the Approaching threshold). This status warns you before the issue becomes overdue
Overdue: The issue has passed its remediation deadline and is in breach of its SLA
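The status rules above are simple to reproduce, and doing so is useful for checking a configuration before rolling it out or for building your own reports. The following is an added example, not the product's code or schema: it computes the due date and SLA status for a constructed set of issues using the default timeframes, a configurable Approaching threshold (assumed here to default to 3 days), and then produces the "attention" list and per-domain overdue counts that the dashboard and categorized views described later on this page would show. One convention is an assumption: an issue due today still has zero days remaining and is treated as Approaching, not Overdue.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Default remediation timeframes from the page, in days per severity.
DEFAULT_SLA_DAYS = {"critical": 7, "high": 14, "medium": 30, "low": 90}


@dataclass(frozen=True)
class Issue:
    """One finding from a periodic scan (constructed shape, not the product's schema)."""
    id: str
    severity: str   # critical / high / medium / low (case-insensitive)
    domain: str     # SAST, SCA, IaC, Secrets, ...
    detected: date  # date the scan first reported the finding; the SLA clock starts here


def due_date(issue: Issue, sla_days: dict = DEFAULT_SLA_DAYS) -> date:
    """Remediation deadline: detection date plus the timeframe configured for the severity."""
    sev = issue.severity.lower()
    if sev not in sla_days:
        raise ValueError(f"{issue.id}: no SLA configured for severity {issue.severity!r}")
    return issue.detected + timedelta(days=sla_days[sev])


def days_remaining(issue: Issue, today: date, sla_days: dict = DEFAULT_SLA_DAYS) -> int:
    """Days until the deadline; negative once the SLA has been breached."""
    return (due_date(issue, sla_days) - today).days


def sla_status(issue: Issue, today: date,
               sla_days: dict = DEFAULT_SLA_DAYS, approaching_days: int = 3) -> str:
    """Map an issue to On Track / Approaching / Overdue.

    Assumption: an issue is Overdue only after its due date has passed, so an
    issue due today (remaining == 0) is still Approaching, not Overdue.
    """
    remaining = days_remaining(issue, today, sla_days)
    if remaining < 0:
        return "Overdue"
    if remaining <= approaching_days:
        return "Approaching"
    return "On Track"


def attention_list(issues, today: date,
                   sla_days: dict = DEFAULT_SLA_DAYS, approaching_days: int = 3):
    """Approaching and Overdue issues as (id, status, days_remaining), most urgent first."""
    rows = []
    for issue in issues:
        status = sla_status(issue, today, sla_days, approaching_days)
        if status != "On Track":
            rows.append((issue.id, status, days_remaining(issue, today, sla_days)))
    return sorted(rows, key=lambda row: row[2])


def overdue_by_domain(issues, today: date, sla_days: dict = DEFAULT_SLA_DAYS) -> dict:
    """Count of Overdue issues per scanner domain, for the categorized overdue view."""
    counts = {}
    for issue in issues:
        if sla_status(issue, today, sla_days) == "Overdue":
            counts[issue.domain] = counts.get(issue.domain, 0) + 1
    return counts


# Constructed sample data: a fixed "today" and five findings spanning each status.
TODAY = date(2024, 6, 1)
SAMPLE_ISSUES = [
    Issue("sast-1", "Critical", "SAST", date(2024, 5, 20)),    # due 05-27: overdue by 5 days
    Issue("sca-1", "High", "SCA", date(2024, 5, 20)),          # due 06-03: 2 days left
    Issue("iac-1", "Medium", "IaC", date(2024, 5, 10)),        # due 06-09: 8 days left
    Issue("secrets-1", "Low", "Secrets", date(2024, 3, 1)),    # due 05-30: overdue by 2 days
    Issue("sast-2", "High", "SAST", date(2024, 5, 18)),        # due 06-01: due today
]

if __name__ == "__main__":
    for issue in SAMPLE_ISSUES:
        print(f"{issue.id:10} {sla_status(issue, TODAY):12} "
              f"due {due_date(issue, TODAY and DEFAULT_SLA_DAYS)} "
              f"({days_remaining(issue, TODAY):+d} days)")
    print("needs attention:", attention_list(SAMPLE_ISSUES, TODAY))
    print("overdue by domain:", overdue_by_domain(SAMPLE_ISSUES, TODAY))
```

Passing a different `sla_days` mapping or `approaching_days` value models the "modify these values as required" step: with the Critical timeframe raised to 14 days, `sast-1` moves from Overdue to Approaching, and with the threshold set to 0 only issues due today are flagged as Approaching. An unconfigured severity raises rather than silently defaulting, so a misconfigured mapping is caught before it produces a misleading On Track status.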
Roles and responsibilities
AppSec practitioners:
Define and configure the SLA targets for each severity level
Track the SLA status for all Application Security issues across the organization
Generate reports and dashboards to measure team performance and identify trends
Developers / DevSecOps:
Be aware of and adhere to the SLA commitments for all assigned issues
Actively monitor and prioritize issues that are nearing or have exceeded their SLA
Use cases and features
For AppSec practitioners:
Overdue dashboard: Get a clear overview of all Approaching and Overdue issues. This allows you to quickly identify problematic areas and contact the relevant teams
Centralized SLA tracking: The SLA status for each issue is displayed directly in the Application Security issues tables
Categorized overdue issues: Filter overdue issues by domain (such as SAST, SCA, IaC, Secrets) to understand which areas require additional attention
Detailed issue information: A side panel on each issue provides a comprehensive view of its SLA details, including the configured time and how many days have passed, helping you understand its priority
For developers:
SLA visibility: See the specific SLA you need to follow for each issue, ensuring you are always aware of your commitments
Overdue issues: Easily identify and filter issues that are past their SLA, so you can prioritize and fix them immediately
Upcoming overdue issues: Anticipate and prepare for issues that will become overdue in a configurable number of days, allowing you to take preventative action