building-vulnerability-aging-and-sla-tracking▌
mukul975/Anthropic-Cybersecurity-Skills · updated May 25, 2026
MDX-style export adds YAML metadata + attribution linking explainx.ai and this canonical listing URL.
Implement a vulnerability aging dashboard and SLA tracking system to measure remediation performance against severity-based timelines and drive accountability.
| name | building-vulnerability-aging-and-sla-tracking |
| description | Implement a vulnerability aging dashboard and SLA tracking system to measure remediation performance against severity-based timelines and drive accountability. |
| domain | cybersecurity |
| subdomain | vulnerability-management |
| tags | - vulnerability-management - sla-tracking - remediation-metrics - aging-report - kpi - compliance - risk-management |
| version | '1.0' |
| author | mahipal |
| license | Apache-2.0 |
| nist_csf | - ID.RA-01 - ID.RA-02 - ID.IM-02 - ID.RA-06 |
Building Vulnerability Aging and SLA Tracking
Overview
With over 30,000 new vulnerabilities identified in 2024 (a 17% increase from the prior year), organizations must track how long vulnerabilities remain unpatched and whether remediation occurs within defined Service Level Agreements (SLAs). Vulnerability aging measures the time between discovery and remediation, while SLA tracking enforces severity-based deadlines. Industry benchmarks indicate standard SLAs of 14 days for critical, 30 days for high, 60 days for medium, and 90 days for low vulnerabilities, though more aggressive timelines (24-48 hours for actively exploited critical CVEs) are increasingly common. This skill covers designing SLA policies, building aging dashboards, implementing automated escalations, and generating compliance metrics.
When to Use
- When deploying or configuring building vulnerability aging and sla tracking capabilities in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation
Prerequisites
- Vulnerability management platform with historical scan data
- Asset inventory with criticality ratings
- ITSM/ticketing system for remediation tracking
- Reporting platform (Splunk, Elastic, Power BI, Grafana)
- Stakeholder agreement on SLA timelines and escalation procedures
Core Concepts
Standard Vulnerability SLA Framework
| Severity | CVSS Range | Standard SLA | Aggressive SLA | CISA KEV SLA |
|---|---|---|---|---|
| Critical | 9.0-10.0 | 14 days | 48 hours | BOD 22-01 due date |
| High | 7.0-8.9 | 30 days | 7 days | 14 days |
| Medium | 4.0-6.9 | 60 days | 30 days | N/A |
| Low | 0.1-3.9 | 90 days | 60 days | N/A |
| Informational | 0.0 | Best effort | Best effort | N/A |
Adaptive SLA Modifiers
| Factor | Modifier | Rationale |
|---|---|---|
| Internet-facing asset | -50% SLA | Higher exposure risk |
| CISA KEV listed | Override to 48h | Active exploitation confirmed |
| EPSS > 0.7 | -50% SLA | High exploitation probability |
| Tier 1 (crown jewel) asset | -25% SLA | Maximum business impact |
| Compensating control in place | +25% SLA | Risk partially mitigated |
| Vendor patch unavailable | Exception with review date | Cannot remediate yet |
Key Performance Indicators (KPIs)
| KPI | Formula | Target |
|---|---|---|
| Mean Time to Remediate (MTTR) | Avg(remediation_date - discovery_date) | < 30 days overall |
| SLA Compliance Rate | (Vulns remediated within SLA / Total vulns) * 100 | >= 90% |
| Overdue Vulnerability Count | Count where age > SLA | Trending downward |
| Vulnerability Aging Distribution | Count by age bucket (0-14d, 15-30d, 31-60d, 60+d) | Majority in 0-30d |
| Remediation Velocity | Vulns closed per week | Trending upward |
| Exception Rate | (Exceptions / Total vulns) * 100 | < 5% |
Workflow
Step 1: Define SLA Policy Document
Vulnerability Remediation SLA Policy v1.0
1. Scope: All information systems and applications
2. Severity Classification: Based on CVSS v4.0/v3.1 base score
3. SLA Timelines: See Standard SLA Framework table
4. Adaptive Modifiers: Applied based on asset context
5. Exception Process:
- Must be documented with business justification
- Requires compensating control description
- Maximum extension: 90 days (one renewal)
- CISO approval required for Critical/High exceptions
6. Escalation Path:
- 50% SLA elapsed: Automated reminder to asset owner
- 75% SLA elapsed: Escalation to manager
- 100% SLA elapsed (overdue): CISO notification
- 120% SLA elapsed: VP/CTO escalation
7. Metrics Reporting: Monthly to security committee
Step 2: Build the Aging Calculation Engine
import pandas as pd
from datetime import datetime, timedelta
class VulnerabilityAgingTracker:
"""Track vulnerability aging and SLA compliance."""
SLA_DAYS = {
"Critical": 14,
"High": 30,
"Medium": 60,
"Low": 90,
}
def __init__(self, sla_overrides=None):
if sla_overrides:
self.SLA_DAYS.update(sla_overrides)
def calculate_aging(self, vulns_df):
"""Calculate aging metrics for each vulnerability."""
today = datetime.now()
vulns_df["discovery_date"] = pd.to_datetime(vulns_df["discovery_date"])
vulns_df["remediation_date"] = pd.to_datetime(
vulns_df["remediation_date"], errors="coerce"
)
vulns_df["age_days"] = vulns_df.apply(
lambda row: (row["remediation_date"] - row["discovery_date"]).days
if pd.notna(row["remediation_date"])
else (today - row["discovery_date"]).days,
axis=1
)
vulns_df["sla_days"] = vulns_df["severity"].map(self.SLA_DAYS)
vulns_df["sla_deadline"] = vulns_df["discovery_date"] + \
pd.to_timedelta(vulns_df["sla_days"], unit="D")
vulns_df["is_overdue"] = vulns_df.apply(
lambda row: row["age_days"] > row["sla_days"]
if pd.isna(row["remediation_date"]) else False,
axis=1
)
vulns_df["sla_compliance"] = vulns_df.apply(
lambda row: row["age_days"] <= row["sla_days"]
if pd.notna(row["remediation_date"]) else None,
axis=1
)
vulns_df["days_overdue"] = vulns_df.apply(
lambda row: max(0, row["age_days"] - row["sla_days"])
if row["is_overdue"] else 0,
axis=1
)
vulns_df["sla_pct_elapsed"] = (
vulns_df["age_days"] / vulns_df["sla_days"] * 100
).round(1)
return vulns_df
def generate_kpis(self, vulns_df):
"""Generate KPI summary from aging data."""
open_vulns = vulns_df[vulns_df["remediation_date"].isna()]
closed_vulns = vulns_df[vulns_df["remediation_date"].notna()]
kpis = {
"total_vulnerabilities": len(vulns_df),
"open_vulnerabilities": len(open_vulns),
"closed_vulnerabilities": len(closed_vulns),
"overdue_count": open_vulns["is_overdue"].sum(),
"mttr_days": closed_vulns["age_days"].mean() if len(closed_vulns) > 0 else 0,
"sla_compliance_rate": (
closed_vulns["sla_compliance"].mean() * 100
if len(closed_vulns) > 0 else 0
),
}
kpis["overdue_by_severity"] = (
open_vulns[open_vulns["is_overdue"]]
.groupby("severity")
.size()
.to_dict()
)
return kpis
def get_escalation_list(self, vulns_df):
"""Get vulnerabilities requiring escalation."""
open_vulns = vulns_df[vulns_df["remediation_date"].isna()].copy()
escalations = []
for _, vuln in open_vulns.iterrows():
pct = vuln["sla_pct_elapsed"]
if pct >= 120:
level = "VP/CTO Escalation"
elif pct >= 100:
level = "CISO Notification"
elif pct >= 75:
level = "Manager Escalation"
elif pct >= 50:
level = "Owner Reminder"
else:
continue
escalations.append({
"cve_id": vuln.get("cve_id", ""),
"severity": vuln["severity"],
"age_days": vuln["age_days"],
"sla_days": vuln["sla_days"],
"days_overdue": vuln["days_overdue"],
"sla_pct": pct,
"escalation_level": level,
"asset": vuln.get("asset", ""),
"owner": vuln.get("owner", ""),
})
return pd.DataFrame(escalations)
Step 3: Dashboard Visualization
# Grafana/Kibana query examples for vulnerability aging
# Age distribution histogram (Elasticsearch)
age_distribution_query = {
"aggs": {
"age_buckets": {
"range": {
"field": "age_days",
"ranges": [
{"key": "0-7 days", "to": 8},
{"key": "8-14 days", "from": 8, "to": 15},
{"key": "15-30 days", "from": 15, "to": 31},
{"key": "31-60 days", "from": 31, "to": 61},
{"key": "61-90 days", "from": 61, "to": 91},
{"key": "90+ days", "from": 91},
]
}
}
}
}
# SLA compliance trend (monthly)
sla_trend_query = {
"aggs": {
"monthly": {
"date_histogram": {"field": "remediation_date", "interval": "month"},
"aggs": {
"within_sla": {
"filter": {"script": {
"source": "doc['age_days'].value <= doc['sla_days'].value"
}}
}
}
}
}
}
Best Practices
- Start with achievable SLA targets and tighten them as processes mature
- Adapt SLAs based on asset criticality and threat context, not just CVSS scores
- Automate escalation notifications to reduce manual tracking overhead
- Track MTTR trends month-over-month to demonstrate improvement
- Build exception workflows that require documented compensating controls
- Report SLA compliance to executive leadership monthly for accountability
- Include aging metrics in security committee and board-level reporting
- Integrate SLA tracking with ITSM ticketing for end-to-end remediation visibility
Common Pitfalls
- Setting unrealistic SLA targets that teams cannot meet, causing SLA fatigue
- Not adapting SLAs for asset criticality, treating all systems equally
- Lacking exception processes, forcing teams to either ignore SLAs or request blanket waivers
- Measuring only open vulnerability count without considering age and SLA compliance
- Not tracking the SLA clock from discovery date (using report date instead)
- Failing to re-baseline SLAs as team maturity improves
Related Skills
- implementing-vulnerability-remediation-sla
- building-executive-vulnerability-risk-report
- implementing-security-metrics-and-kpis
- performing-remediation-validation-scanning
How to use building-vulnerability-aging-and-sla-tracking on Cursor
AI-first code editor with Composer
Prerequisites
Before installing skills in Cursor, ensure your development environment meets these requirements:
- ›Cursor installed and configured on your development machine
- ›Node.js version 16.0+ with npm package manager (verify with
node --version) - ›Active project directory or workspace where you want to add building-vulnerability-aging-and-sla-tracking
Execute installation command
Execute the skills CLI command in your project's root directory to begin installation:
The skills CLI fetches building-vulnerability-aging-and-sla-tracking from GitHub repository mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.
Select Cursor when prompted
The CLI will show a list of available agents. Use arrow keys to navigate and space to select Cursor:
Verify installation
Confirm successful installation by checking the skill directory location:
Reload or restart Cursor to activate building-vulnerability-aging-and-sla-tracking. Access the skill through slash commands (e.g., /building-vulnerability-aging-and-sla-tracking) or your agent's skill management interface.
Security & Verification Notice
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your development environment. Always verify the publisher's identity, review recent commits, and test in isolated environments before production deployment.
List & Monetize Your Skill
Submit your Claude Code skill and start earning
Use Cases▌
Task Automation & Efficiency
Automate repetitive workflows and reduce manual effort
Example
Generate reports, summarize documents, draft communications
Save 3-5 hours per week on routine tasks
Knowledge Enhancement
Learn new skills, understand complex topics, get expert guidance
Example
Explain concepts, provide examples, suggest learning resources
Accelerate learning and skill development by 2x
Quality Improvement
Enhance output quality through reviews, suggestions, and refinements
Example
Review drafts, suggest improvements, catch errors
Improve work quality by 30-40% with less effort
Implementation Guide▌
Prerequisites
- ›Claude Desktop or compatible AI client with skill support
- ›Clear understanding of task or problem to solve
- ›Willingness to iterate and refine outputs
Time Estimate
15-45 minutes depending on use case complexity
Installation Steps
- 1.Install skill using provided installation command
- 2.Test with simple use case relevant to your work
- 3.Evaluate output quality and relevance
- 4.Iterate on prompts to improve results
- 5.Integrate into regular workflow if valuable
Common Pitfalls
- ⚠Expecting perfect results without iteration
- ⚠Not providing enough context in prompts
- ⚠Using skill for tasks outside its intended scope
- ⚠Accepting outputs without review and validation
Best Practices▌
✓ Do
- +Start with clear, specific prompts
- +Provide relevant context and constraints
- +Review and refine all outputs before using
- +Iterate to improve output quality
- +Document successful prompt patterns
✗ Don't
- −Don't use without understanding skill limitations
- −Don't skip validation of outputs
- −Don't share sensitive information in prompts
- −Don't expect skill to replace human judgment
💡 Pro Tips
- ★Be specific about desired format and style
- ★Ask for multiple options to choose from
- ★Request explanations to understand reasoning
- ★Combine AI efficiency with human expertise
When to Use This▌
✓ Use When
Use when skill capabilities match your task, clear ROI on time saved, and you can validate outputs. Best for repetitive tasks, learning, and quality improvement.
✗ Avoid When
Avoid when task requires deep expertise you can't validate, involves sensitive decisions, or when learning process is more valuable than speed of completion.
Learning Path▌
- 1Familiarize yourself with skill capabilities and limitations
- 2Start with low-risk, non-critical tasks
- 3Progress to more complex and valuable use cases
- 4Build expertise through regular use and experimentation
Discussion
Product Hunt–style comments (not star reviews)- No comments yet — start the thread.
Ratings
4.4★★★★★67 reviews- ★★★★★William Farah· Dec 28, 2024
Solid pick for teams standardizing on skills: building-vulnerability-aging-and-sla-tracking is focused, and the summary matches what you get after install.
- ★★★★★Olivia Liu· Dec 12, 2024
We added building-vulnerability-aging-and-sla-tracking from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- ★★★★★Li Yang· Dec 4, 2024
Useful defaults in building-vulnerability-aging-and-sla-tracking — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
- ★★★★★Li Haddad· Nov 23, 2024
building-vulnerability-aging-and-sla-tracking is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
- ★★★★★William Haddad· Nov 19, 2024
We added building-vulnerability-aging-and-sla-tracking from the explainx registry; install was straightforward and the SKILL.md answered most questions upfront.
- ★★★★★Yusuf Kapoor· Nov 7, 2024
building-vulnerability-aging-and-sla-tracking reduced setup friction for our internal harness; good balance of opinion and flexibility.
- ★★★★★Noah Menon· Nov 3, 2024
Solid pick for teams standardizing on skills: building-vulnerability-aging-and-sla-tracking is focused, and the summary matches what you get after install.
- ★★★★★Ava Garcia· Oct 26, 2024
Registry listing for building-vulnerability-aging-and-sla-tracking matched our evaluation — installs cleanly and behaves as described in the markdown.
- ★★★★★Noah Verma· Oct 22, 2024
building-vulnerability-aging-and-sla-tracking has been reliable in day-to-day use. Documentation quality is above average for community skills.
- ★★★★★Chen Li· Oct 14, 2024
Keeps context tight: building-vulnerability-aging-and-sla-tracking is the kind of skill you can hand to a new teammate without a long onboarding doc.
showing 1-10 of 67