SLA Management - Security Response Time Tracking

[KennethEhmsen]

Overview

Implement SLA management to define, track, and report on security response time commitments based on vulnerability severity and asset criticality.

Features

• SLA Definitions: Define response time targets by severity
• SLA Tracking: Monitor vulnerabilities against SLA deadlines
• Breach Detection: Identify SLA violations
• SLA Reports: Generate compliance reports for stakeholders

Planned Tools (5)

Tool	Description
sla_define	Define SLA policy with response times
sla_list	List all SLA policies
sla_check_compliance	Check current SLA compliance status
sla_get_breaches	Get list of SLA breaches
sla_generate_report	Generate SLA compliance report

Technical Requirements

database_tables:
  sla_policies:
    - id: TEXT PRIMARY KEY
    - name: TEXT
    - description: TEXT
    - rules_json: TEXT
    - is_default: INTEGER
    - created_at: TEXT
    
  sla_tracking:
    - id: TEXT PRIMARY KEY
    - vuln_id: TEXT
    - asset_id: TEXT
    - severity: TEXT
    - sla_policy_id: TEXT
    - discovered_at: TEXT
    - deadline_at: TEXT
    - resolved_at: TEXT
    - breached: INTEGER
    - breach_hours: INTEGER

default_sla_rules:
  critical:
    response_hours: 4
    resolution_hours: 24
  high:
    response_hours: 24
    resolution_hours: 72
  medium:
    response_hours: 72
    resolution_hours: 168  # 7 days
  low:
    response_hours: 168
    resolution_hours: 720  # 30 days

report_metrics:
  - total_tracked
  - within_sla_count
  - breached_count
  - compliance_percentage
  - average_resolution_time
  - breaches_by_severity

Acceptance Criteria

• SLA policies can be defined with custom rules
• Vulnerabilities automatically tracked against SLA
• Breaches detected and flagged in real-time
• Reports show compliance percentage and trends
• Support for multiple SLA policies (per asset/team)
• Integration with alert rules for breach notifications
• Audit logging for policy changes

Part of v1.28.0 Security Intelligence milestone.