us-east-1 · local (no data egress) · sha256:7d…a81c
Preview · mock data
Suppressions
6 active · 3 expiring ≤7d · 4 anomaly patterns detected
Waiver governance is drifting from policy
The waiver ledger shows 4 patterns that typically indicate alert-fatigue suppression rather than accepted-risk decisions. Review each below.
Detected patterns
auto-run nightly · thresholds configurable in /admin/rules

| Pattern | Cases | Example | Severity |
|---|---|---|---|
| Same finding type, same approver, same day, ≥30 waivers | 1 | j.kim / #2 YOLO / 2026-03-28 / 96 waivers in 11 min | critical |
| BU with >80% waiver rate on a finding type | 1 | QA BU / #2 YOLO / 91% waived | critical |
| Waiver reason uses ≤3 distinct strings across ≥20 waivers | 2 | j.kim uses "noisy" on 72 waivers | high |
| Waiver expiring ≤7d without renewal ticket | 3 | 3 critical findings expiring between Apr 18-22 | medium |

Approver concentration
who's waiving how much — outliers flagged

| Approver | Role | Waivers (90d) | Worst single day | Fleet share | Signal |
|---|---|---|---|---|---|
| j.kim | SOC Lead | 142 | 96 in one day | 68% | Batch-approved 96 YOLO waivers on Fri 2026-03-28 within 11 min window |
| secops@corp | SecOps team | 34 | — | 12% | Distributed approvals · no concentration pattern |
| ciso@corp | CISO | 18 | — | 6% | Executive-level approvals · documented reasons |

Anomaly detection runs nightly. Rule thresholds (approver concentration %, BU waiver %, pattern duplication) are configurable in Detection Rules.