Builds automated alerts for vulnerability remediation SLA breaches with severity-based timelines, escalation workflows, and compliance reporting dashboards using Python and databases.
Slash command: `/cybersecurity-skills-zh:implementing-vulnerability-sla-breach-alerting`
A vulnerability remediation SLA defines the maximum time allowed to act on a security finding, based on its severity. This skill covers building an automated alerting system that tracks remediation timelines, detects SLA breaches, sends escalation notifications and produces compliance reports. Industry-standard SLA targets are: Critical (24-48 hours), High (15-30 days), Medium (60 days), Low (90 days).
Libraries: requests, pandas, jinja2, smtplib

| Severity | Remediation SLA | Grace period | Escalation level |
|---|---|---|---|
| Critical (CVSS 9.0-10.0) | 48 hours | 12 hours | VP Engineering + CISO |
| High (CVSS 7.0-8.9) | 15 days | 5 days | Director of Engineering |
| Medium (CVSS 4.0-6.9) | 60 days | 14 days | Team lead |
| Low (CVSS 0.1-3.9) | 90 days | 30 days | Asset owner |
```yaml
# sla_policy.yaml
sla_tiers:
  critical:
    cvss_min: 9.0
    cvss_max: 10.0
    remediation_days: 2
    grace_period_days: 0.5
    escalation_contacts:
      - [email protected]
      - [email protected]
    pagerduty_severity: critical
  high:
    cvss_min: 7.0
    cvss_max: 8.9
    remediation_days: 15
    grace_period_days: 5
    escalation_contacts:
      - [email protected]
    pagerduty_severity: high
  medium:
    cvss_min: 4.0
    cvss_max: 6.9
    remediation_days: 60
    grace_period_days: 14
    escalation_contacts:
      - [email protected]
    pagerduty_severity: warning
  low:
    cvss_min: 0.1
    cvss_max: 3.9
    remediation_days: 90
    grace_period_days: 30
    escalation_contacts:
      - [email protected]
    pagerduty_severity: info

notification_channels:
  slack:
    webhook_url: "${SLACK_WEBHOOK_URL}"
    channel: "#vulnerability-alerts"
  email:
    smtp_host: smtp.company.com
    smtp_port: 587
    from_address: [email protected]
  pagerduty:
    api_key: "${PAGERDUTY_API_KEY}"
    service_id: "${PAGERDUTY_SERVICE_ID}"

alert_schedules:
  approaching_breach:
    percentage_elapsed: 80
    frequency_hours: 24
  at_breach:
    notification: immediate
    escalation: true
  post_breach:
    frequency_hours: 12
    escalation_increase: true
```
```sql
CREATE TABLE vulnerability_sla (
    id SERIAL PRIMARY KEY,
    cve_id VARCHAR(20) NOT NULL,
    finding_id VARCHAR(100) NOT NULL,
    asset_hostname VARCHAR(255),
    severity VARCHAR(20) NOT NULL,
    cvss_score DECIMAL(3,1),
    discovered_at TIMESTAMP NOT NULL,
    sla_deadline TIMESTAMP NOT NULL,
    remediated_at TIMESTAMP,
    status VARCHAR(20) DEFAULT 'open',
    owner_email VARCHAR(255),
    escalation_level INTEGER DEFAULT 0,
    last_alert_sent TIMESTAMP,
    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

CREATE INDEX idx_sla_status ON vulnerability_sla(status);
CREATE INDEX idx_sla_deadline ON vulnerability_sla(sla_deadline);
CREATE INDEX idx_sla_severity ON vulnerability_sla(severity);
```
```python
from datetime import datetime, timedelta, timezone
import yaml


def load_sla_policy(policy_path="sla_policy.yaml"):
    with open(policy_path, "r") as f:
        return yaml.safe_load(f)


def get_sla_tier(cvss_score, policy):
    """Map a CVSS score onto a tier from sla_policy.yaml; scores outside every range fall back to 'low'."""
    for tier_name, tier in policy["sla_tiers"].items():
        if tier["cvss_min"] <= cvss_score <= tier["cvss_max"]:
            return tier_name, tier
    return "low", policy["sla_tiers"]["low"]


def calculate_sla_deadline(discovered_at, cvss_score, policy):
    tier_name, tier = get_sla_tier(cvss_score, policy)
    deadline = discovered_at + timedelta(days=tier["remediation_days"])
    return deadline, tier_name


def check_sla_status(discovered_at, sla_deadline, remediated_at=None):
    # All timestamps must be timezone-aware UTC, otherwise the comparisons below raise TypeError.
    now = datetime.now(timezone.utc)
    if remediated_at:
        if remediated_at <= sla_deadline:
            return "remediated_within_sla"
        return "remediated_breach"
    if now > sla_deadline:
        overdue_days = (now - sla_deadline).days
        return f"breached_{overdue_days}d_overdue"
    remaining = sla_deadline - now
    total_sla = sla_deadline - discovered_at
    pct_elapsed = ((total_sla - remaining) / total_sla) * 100
    if pct_elapsed >= 80:
        return "approaching_breach"
    return "within_sla"
```
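The `alert_schedules` section of the policy above (80% warning, immediate alert plus escalation at breach, 12-hourly reminders afterwards) is configured but never evaluated by the page's code. The function below is an added example, not part of the original skill, that makes that decision for one open `vulnerability_sla` row using the row's `last_alert_sent` and `escalation_level` columns as a throttle; it assumes the grace period delays escalation increases rather than the alert itself, and embeds a constructed excerpt of the policy.

```python
from datetime import datetime, timedelta, timezone

# Constructed excerpt of the page's sla_policy.yaml (high tier + alert_schedules), as yaml.safe_load would return it.
POLICY = {
    "sla_tiers": {"high": {"remediation_days": 15, "grace_period_days": 5}},
    "alert_schedules": {
        "approaching_breach": {"percentage_elapsed": 80, "frequency_hours": 24},
        "at_breach": {"notification": "immediate", "escalation": True},
        "post_breach": {"frequency_hours": 12, "escalation_increase": True},
    },
}


def utc(y, m, d, h=0):
    """Build a timezone-aware UTC timestamp (the vulnerability_sla timestamps are assumed to be UTC)."""
    return datetime(y, m, d, h, tzinfo=timezone.utc)


def decide_alert(row, policy, now):
    """Decide what the hourly check should do with one open vulnerability_sla row at time `now`.

    Returns (action, escalation_level): action is None (stay quiet), "approaching",
    "breach" (first alert after the deadline passed) or "post_breach" (periodic reminder).
    Assumed semantics: escalation_level only rises again once the tier's grace period has expired.
    """
    tier = policy["sla_tiers"][row["severity"]]
    sched = policy["alert_schedules"]
    deadline, discovered = row["sla_deadline"], row["discovered_at"]
    last, level = row.get("last_alert_sent"), row.get("escalation_level", 0)
    grace_end = deadline + timedelta(days=tier["grace_period_days"])

    def due(hours):  # throttle: has the configured interval passed since the last alert?
        return last is None or now - last >= timedelta(hours=hours)

    if now <= deadline:
        pct_elapsed = (now - discovered) / (deadline - discovered) * 100
        approaching = sched["approaching_breach"]
        if pct_elapsed >= approaching["percentage_elapsed"] and due(approaching["frequency_hours"]):
            return "approaching", level
        return None, level
    if last is None or last <= deadline:
        # First check after the deadline: alert immediately and escalate one level.
        return "breach", level + (1 if sched["at_breach"]["escalation"] else 0)
    post = sched["post_breach"]
    if due(post["frequency_hours"]):
        bump = 1 if post["escalation_increase"] and now > grace_end else 0
        return "post_breach", level + bump
    return None, level
```

The caller writes the returned action's timestamp back to `last_alert_sent` and the new level to `escalation_level`, so the next hourly cron run stays quiet until the schedule says otherwise.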
```python
import requests
import json
import smtplib
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart


def send_slack_alert(webhook_url, vuln_data, sla_status):
    # Any "breached_<n>d_overdue" status maps onto the single "breached" colour.
    color = {"breached": "#FF0000", "approaching_breach": "#FFA500", "within_sla": "#36A64F"}
    status_color = color.get("breached" if "breached" in sla_status else sla_status, "#808080")
    payload = {
        "attachments": [{
            "color": status_color,
            "title": f"漏洞 SLA 告警:{vuln_data['cve_id']}",
            "fields": [
                {"title": "严重程度", "value": vuln_data["severity"], "short": True},
                {"title": "CVSS", "value": str(vuln_data["cvss_score"]), "short": True},
                {"title": "资产", "value": vuln_data["asset_hostname"], "short": True},
                {"title": "SLA 状态", "value": sla_status, "short": True},
                {"title": "截止时间", "value": vuln_data["sla_deadline"].strftime("%Y-%m-%d %H:%M UTC"), "short": True},
                {"title": "负责人", "value": vuln_data.get("owner_email", "未分配"), "short": True},
            ],
        }]
    }
    resp = requests.post(webhook_url, json=payload, timeout=10)
    resp.raise_for_status()  # surface webhook failures instead of silently dropping the alert
```
```bash
# Run the SLA breach check hourly via cron
# (note: `crontab -` replaces the whole crontab for the current user)
echo "0 * * * * cd /opt/vuln-sla && python3 scripts/process.py --check-sla" | crontab -

# Manual check
python3 scripts/process.py --check-sla --policy sla_policy.yaml

# Generate the SLA compliance report
python3 scripts/process.py --report --period monthly --output sla_report.html
```
Install: `npx claudepluginhub killvxk/cybersecurity-skills-zh`