Step 1
Triage highest-risk findings first
Use risk score and exploit context to build an actionable queue.
- Sort findings by risk score as your default triage view.
- Use KEV and severity filters to isolate urgent vulnerabilities.
- Run Adversarial Exposure Validation (AEV) on demand for the top of the queue and review validated/not-validated outcomes.
- Filter by AEV state to separate immediately exploitable paths from inconclusive candidates.
- Review affected assets to identify production or internet-facing impact.
Step 2
Assign ownership and deadlines
Every finding should have one accountable owner and a target resolution date.
- Assign findings to service owners from impacted teams.
- Set due dates aligned to your internal SLA policy.
- Capture remediation notes and fix version targets.
Step 3
Tune tenant scoring policy safely
Use simulation before publishing weight changes so queue movement is intentional and auditable.
- Open `/findings/risk-scoring` and review the current tenant policy version.
- Run a simulation to inspect projected score, rank, and priority changes before publishing.
- Record a change summary for every publish and use rollback if the new ordering does not match operating expectations.
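
The simulate-before-publish idea from Step 3, as an added Python example that is not the product's code or its scoring formula. It assumes a simple weighted-sum score; the signal names, weights and findings are all constructed for illustration.

```python
# Assumed model: score = 100 * sum(weight * signal), signals normalised to 0..1.
# Weight names and values are hypothetical, not the tenant policy schema.
CURRENT = {"cvss": 0.5, "kev": 0.3, "internet_facing": 0.2}
PROPOSED = {"cvss": 0.3, "kev": 0.5, "internet_facing": 0.2}

# Constructed sample findings.
FINDINGS = [
    {"id": "F-1", "cvss": 0.98, "kev": 0, "internet_facing": 0},
    {"id": "F-2", "cvss": 0.75, "kev": 1, "internet_facing": 1},
    {"id": "F-3", "cvss": 0.88, "kev": 0, "internet_facing": 1},
    {"id": "F-4", "cvss": 0.53, "kev": 1, "internet_facing": 0},
]

def validate(weights):
    """Reject policies that would silently rescale or invert the queue."""
    if any(w < 0 for w in weights.values()):
        raise ValueError("weights must be non-negative")
    if abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")

def score(finding, weights):
    return round(100 * sum(w * finding[k] for k, w in weights.items()), 1)

def rank(findings, weights):
    """Map finding id -> (rank, score); ties break on id so runs are repeatable."""
    validate(weights)
    ordered = sorted(findings, key=lambda f: (-score(f, weights), f["id"]))
    return {f["id"]: (i + 1, score(f, weights)) for i, f in enumerate(ordered)}

def simulate(findings, current, proposed):
    """Projected queue in new-rank order, with movement against the current policy."""
    before, after = rank(findings, current), rank(findings, proposed)
    return [
        {"id": fid, "old_rank": before[fid][0], "new_rank": after[fid][0],
         "old_score": before[fid][1], "new_score": after[fid][1],
         "rank_delta": before[fid][0] - after[fid][0]}  # positive = moved up
        for fid in sorted(after, key=lambda i: after[i][0])
    ]

def moved(rows):
    """Ids whose queue position changes; review these before publishing."""
    return [r["id"] for r in rows if r["rank_delta"] != 0]

if __name__ == "__main__":
    for row in simulate(FINDINGS, CURRENT, PROPOSED):
        print(row)
    print("rank changes:", moved(simulate(FINDINGS, CURRENT, PROPOSED)))
```

Keeping the printed diff alongside the change summary gives a record of which findings were expected to move.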
Step 4
Track closure and recurring drift
Monitor trend movement to verify risk is declining over time.
- Review trend and backlog metrics at least weekly.
- Track reopened findings and recurring high-severity issues.
- Escalate overdue remediation items in operating reviews.