Vulnerability Patching

How This Service Works

This service is not user-requestable. ITS Information Security continuously monitors systems for vulnerabilities using Sentinel, Defender, Tenable, and other sources. When a confirmed vulnerability is detected, a ticket is created—either automatically via Sentinel Playbook integration or manually by the SOC team—and assigned to the appropriate team that owns the affected asset.

That team is responsible for taking action to mitigate the vulnerability (e.g., applying patches, making configuration changes). Once remediation is complete, Information Security validates that the issue is resolved, typically through follow-up scanning.

Linked tasks may be included to provide specific remediation instructions and asset details.

Who Is Involved

  • Initiated By: ITS Information Security or automated tooling (e.g., Sentinel Playbook)

  • Action Required By: Assigned team responsible for the affected system, platform, application, or device

  • Validated By: ITS Information Security

Vulnerability Severity and Required Resolution Timeframes (SLAs)

Severity        SLA to Resolve
Critical        30 calendar days
High            60 calendar days
Medium          90 calendar days
Missed Patch    7 calendar days

SLAs apply to all asset types, including servers, workstations, applications, network devices, and PCI systems. Not all severity levels may be applicable to every asset type.

Automation and Notifications

  • Tickets may be generated via Sentinel Playbook API or manually by the SOC team.

  • For teams with queues: tickets are assigned directly to the appropriate group.

  • For teams without queues: a parent ticket is created and linked tasks are assigned to responsible teams.

  • Notification workflows escalate to managers and compliance if resolution SLAs are not met.

  • Weekly notifications are sent every Friday to highlight outstanding vulnerabilities.

How to Get Support

For questions about a specific vulnerability notification or patching requirement, please contact ITS Information Security.