Exceptions, Jira & Export

Requesting a Risk Exception

An exception is a formal, time-bounded waiver acknowledging that a risk cannot be mitigated right now and is being accepted with justification. It is distinct from simply closing a case: an exception creates an auditable record of the risk acceptance decision.

Who can request: Analyst, Approver, Admin

Step-by-step procedure:

  1. Open the Case Detail modal for the case you want to request an exception for
  2. In the action bar, click Request Exception
  3. The exception form expands inline below the action bar
  4. Fill in the required fields:
    • Reason (required): A written justification explaining why this risk is being accepted, what mitigating controls are in place, and why remediation is not feasible at this time. Be specific: this text becomes part of the audit record.
    • Risk Level (required): Low / Medium / High / Critical; your assessment of the residual risk after accepting the exception
    • Expiry Date (required): The date on which this exception automatically expires. After this date, the exception becomes Expired, the case reopens to Open, and re-approval is required.
  5. Click Submit
  6. The exception record is created with status “Pending Approval”
  7. All users with the Approver or Admin role receive a direct in-app notification
  8. The “Case Activity” notification channel also broadcasts the exception_requested event

Note: Submitting an exception does NOT move the case to Exception status. The case stays in its current status until an Approver approves the exception.

Warning: Once submitted, exception requests cannot be edited. If you made a mistake, ask an Approver to reject it and submit a new one.


Approving a Risk Exception

Who can approve: Approver, Admin

Finding pending exceptions:

  • The in-app notification bell shows an unread badge when you have pending exception requests
  • Click the bell icon to see the notification; click through to the case
  • Alternatively: navigate to the Cases tab, filter by status “In Progress” or “All”, and look for cases with a pending exception badge
  • The case detail modal’s Exceptions section (collapsible) shows all exceptions with “Pending Approval” status

Approval workflow:

  1. Open the Case Detail modal for the case with a pending exception
  2. Expand the Exceptions section (click the “Exceptions (N)” toggle)
  3. You will see the exception card showing: status lozenge, risk level, reason text, expiry date, and the submitter’s name
  4. If you are satisfied the justification is sufficient, click Approve
  5. The exception status changes to “Approved”
  6. The case status changes to “Exception” automatically
  7. The original requester receives a direct in-app notification that their exception was approved
  8. An exception_approved evidence event is written to the audit trail

Rejecting an exception: Click Revoke on the exception card. The exception status changes to “Revoked”, the case returns to “Open”, and an exception_revoked evidence event is recorded.

Note: Approvers are automatically notified of all pending exceptions via direct notification (bypassing channel routing rules). You will never miss a pending exception if your notifications are active.


Admin Revoking an Exception

After an exception has been approved, Admin users can revoke it (Approvers can also revoke, per the role permissions).

  1. Open the Case Detail modal
  2. Expand the Exceptions section
  3. Find the approved exception card
  4. Click Revoke
  5. The exception status changes to “Revoked”
  6. The case status returns to “Open”
  7. An exception_revoked evidence event is written to the audit trail

Common revocation scenarios:

  • The underlying risk has changed (e.g., the page is now externally accessible)
  • The exception was approved in error
  • A security incident related to this risk has occurred
  • The exception holder left the organization

Exception Expiry (Automatic)

The daily maintenance job checks all approved exceptions for expired dates. When expiryDate < today:

  1. The exception status is set to “Expired”
  2. The case status returns to “Open”
  3. An exception_expired evidence event is written
  4. A notification is sent to relevant users

Users who submitted the original exception will see the case reappear in their Cases queue (assigned to them) with status Open, signaling that re-evaluation is needed.
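To make the lifecycle described in the three sections above concrete, here is an added example (not Aegis's own code) that models request, approval, revocation and the daily expiry check as one small state machine writing to an append-only audit trail. The statuses and evidence event names are the ones this guide uses; the Case and RiskException classes, the role sets, the actor names and the in-memory trail are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Tuple

# Constructed model of the exception lifecycle in this guide. Statuses and
# event names come from the text; the classes, role sets and in-memory audit
# trail below are assumptions for the example, not Aegis's data model.
REQUESTER_ROLES = {"Analyst", "Approver", "Admin"}
APPROVER_ROLES = {"Approver", "Admin"}
RISK_LEVELS = {"Low", "Medium", "High", "Critical"}


@dataclass
class RiskException:
    reason: str
    risk_level: str
    expiry_date: date
    requested_by: str
    status: str = "Pending Approval"


@dataclass
class Case:
    case_id: str
    status: str = "Open"
    exceptions: List[RiskException] = field(default_factory=list)


@dataclass
class AuditTrail:
    events: List[Dict] = field(default_factory=list)   # append-only evidence log

    def record(self, event: str, case: Case, actor: str, **extra) -> None:
        self.events.append({"event": event, "case": case.case_id, "actor": actor, **extra})


def request_exception(case: Case, actor: str, role: str, reason: str,
                      risk_level: str, expiry_date: date, trail: AuditTrail) -> RiskException:
    """Analyst/Approver/Admin submits a request; all three fields are required."""
    if role not in REQUESTER_ROLES:
        raise PermissionError(f"role {role!r} cannot request exceptions")
    if not reason.strip():
        raise ValueError("Reason is required; it becomes part of the audit record")
    if risk_level not in RISK_LEVELS:
        raise ValueError("Risk Level must be one of Low/Medium/High/Critical")
    exc = RiskException(reason, risk_level, expiry_date, actor)
    case.exceptions.append(exc)
    # Submission alone does not move the case; it keeps its current status.
    trail.record("exception_requested", case, actor, expiry=expiry_date.isoformat())
    return exc


def approve_exception(case: Case, exc: RiskException, actor: str, role: str, trail: AuditTrail) -> None:
    if role not in APPROVER_ROLES:
        raise PermissionError(f"role {role!r} cannot approve exceptions")
    if exc.status != "Pending Approval":
        raise ValueError(f"cannot approve an exception in status {exc.status!r}")
    exc.status = "Approved"
    case.status = "Exception"          # approval is what moves the case
    trail.record("exception_approved", case, actor, notify=exc.requested_by)


def revoke_exception(case: Case, exc: RiskException, actor: str, role: str, trail: AuditTrail) -> None:
    """Revoke rejects a pending request or withdraws an approved one; the case returns to Open."""
    if role not in APPROVER_ROLES:
        raise PermissionError(f"role {role!r} cannot revoke exceptions")
    if exc.status not in {"Pending Approval", "Approved"}:
        raise ValueError(f"cannot revoke an exception in status {exc.status!r}")
    exc.status = "Revoked"
    case.status = "Open"
    trail.record("exception_revoked", case, actor)


def expire_exceptions(cases: List[Case], today: date, trail: AuditTrail) -> List[Tuple[str, RiskException]]:
    """Daily maintenance job: an Approved exception expires when expiry_date < today
    (strictly less, so it is still in force on the expiry date itself)."""
    expired = []
    for case in cases:
        for exc in case.exceptions:
            if exc.status == "Approved" and exc.expiry_date < today:
                exc.status = "Expired"
                case.status = "Open"   # requester sees it back in their queue
                trail.record("exception_expired", case, "maintenance-job", notify=exc.requested_by)
                expired.append((case.case_id, exc))
    return expired


def run_demo() -> Tuple[str, str, str, List[str]]:
    """Request -> approve -> expire; returns the case status on the expiry date,
    the case and exception status the day after, and the event names in order."""
    trail = AuditTrail()
    case = Case("CASE-1")
    exc = request_exception(case, "alice", "Analyst", "Legacy connector; network ACL limits exposure",
                            "Medium", date(2024, 1, 31), trail)
    approve_exception(case, exc, "bob", "Approver", trail)
    expire_exceptions([case], date(2024, 1, 31), trail)     # not yet expired
    on_expiry_day = case.status
    expire_exceptions([case], date(2024, 2, 1), trail)      # expired overnight
    return on_expiry_day, case.status, exc.status, [e["event"] for e in trail.events]
```

Two details are worth noticing: submission never changes the case status (only approval does), and the expiry check is a strict expiryDate < today comparison, so an exception remains in force through the whole of its expiry date and lapses on the first maintenance run after it.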


Creating a Jira Issue from a Case

Requires the Jira integration to be configured and enabled in Admin > Integrations.

  1. Open the Case Detail modal
  2. In the action bar, click Create Jira Issue
  3. A spinner indicates the API call is in progress
  4. On success, a green banner appears: “Jira issue SEC-42 created successfully”
  5. The Jira issue key (e.g., SEC-42) appears in the right sidebar as a clickable link
  6. Clicking the link opens the Jira issue in a new browser tab

What data is sent to Jira:

  • Issue title: the case title
  • Issue description: case description + linked finding summaries + Confluence page links for each affected content ID
  • Issue type: configured in Admin > Integrations (default: Task)
  • Project: configured in Admin > Integrations

Auto-sync behavior: After the initial creation, the Jira issue status is periodically fetched and displayed in the sidebar. The integration does not automatically update the Jira issue when the case status changes in Aegis; manual updates are required.

Note: Each case can only have one Jira issue. The “Create Jira Issue” button disappears once a ticket has been created and linked.

Note: If Jira has not yet been connected to your site in Atlassian Administration, the button will not appear regardless of the Admin settings. See the Jira setup guide in Admin > Integrations for first-time connection instructions.


Bulk Actions on Cases

Analysts and above can select multiple cases and apply status changes in bulk.

  1. Check the checkbox in one or more case rows (or check the header checkbox to select all visible cases)
  2. A bulk action bar appears above the table showing the selection count
  3. Available bulk actions:
    • Close All: Moves all selected cases to “Closed”
    • Resolve All: Moves all selected cases to “Remediated”
  4. Click Clear to deselect all without making changes

Bulk actions apply to all selected cases simultaneously. Each transition creates an individual evidence event per case.

Warning: Bulk Close cannot be undone in a single action. Cases can be individually reopened via the status dropdown after the fact.


Export Options

From the Case Detail modal, expand the Export section:

  • PDF: Generates a printable HTML view in a new browser tab. Contains the case title, metadata, description, linked findings, comments, and audit trail.
  • JSON: Downloads a full evidence bundle as a structured JSON file with SHA-256 integrity hash, all fields, linked finding details, exception history, comment thread, and evidence events.
  • CSV: Downloads a multi-file CSV package (one file per entity type: case, findings, exceptions, comments, events).
  • HTML: Downloads a styled standalone HTML report suitable for archiving or emailing.
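The JSON bundle above ships with a SHA-256 integrity hash. As an added example (not Aegis's own code), here is how a recipient would verify such a hash and what it does and does not protect. It assumes the hash covers the canonical JSON (sorted keys, no insignificant whitespace) of every field except the hash field itself, and the field name integrity_sha256 is a placeholder; the sample bundle is constructed for the example.

```python
import copy
import hashlib
import hmac
import json
from typing import Any, Dict, Tuple

# Assumption for this example: the bundle's SHA-256 covers the canonical JSON of
# every field except the hash field itself. The field name is a placeholder;
# check a real export for the name Aegis uses.
HASH_FIELD = "integrity_sha256"


def canonical_bytes(bundle: Dict[str, Any]) -> bytes:
    """Serialise deterministically (sorted keys, no insignificant whitespace,
    UTF-8) so that key order or pretty-printing never changes the digest."""
    body = {k: v for k, v in bundle.items() if k != HASH_FIELD}
    return json.dumps(body, sort_keys=True, separators=(",", ":"), ensure_ascii=False).encode("utf-8")


def compute_integrity_hash(bundle: Dict[str, Any]) -> str:
    return hashlib.sha256(canonical_bytes(bundle)).hexdigest()


def seal_bundle(bundle: Dict[str, Any]) -> Dict[str, Any]:
    """Return a copy of the bundle with the integrity hash field filled in."""
    sealed = copy.deepcopy(bundle)
    sealed[HASH_FIELD] = compute_integrity_hash(sealed)
    return sealed


def verify_bundle(bundle: Dict[str, Any]) -> Tuple[bool, str]:
    """Recompute the digest and compare it with the recorded one."""
    recorded = bundle.get(HASH_FIELD)
    if not (isinstance(recorded, str) and len(recorded) == 64
            and all(c in "0123456789abcdef" for c in recorded.lower())):
        return False, "bundle carries no well-formed integrity hash"
    actual = compute_integrity_hash(bundle)
    if not hmac.compare_digest(actual, recorded.lower()):
        return False, f"hash mismatch: recorded {recorded[:12]}..., computed {actual[:12]}..."
    return True, "integrity hash verified"


# Constructed sample bundle with the entity types the JSON/CSV exports list.
SAMPLE_BUNDLE: Dict[str, Any] = {
    "case": {"id": "CASE-1", "title": "Restricted page shared externally",
             "severity": "High", "status": "Exception", "assignee": "alice"},
    "findings": [{"id": "F-10", "summary": "Page restriction removed"}],
    "exceptions": [{"status": "Approved", "risk_level": "Medium", "expiry_date": "2024-01-31",
                    "requested_by": "alice", "reason": "Content is public marketing copy"}],
    "comments": [{"author": "bob", "text": "Approved pending re-review"}],
    "events": [{"event": "exception_requested", "actor": "alice"},
               {"event": "exception_approved", "actor": "bob"}],
}


def demo() -> Tuple[bool, bool, bool]:
    """Seal the sample, then show that the sealed copy verifies, a key-reordered
    copy still verifies, and a copy with one altered field does not."""
    sealed = seal_bundle(SAMPLE_BUNDLE)
    ok_sealed, _ = verify_bundle(sealed)
    reordered = dict(reversed(list(sealed.items())))
    ok_reordered, _ = verify_bundle(reordered)
    tampered = copy.deepcopy(sealed)
    tampered["exceptions"][0]["expiry_date"] = "2099-12-31"
    ok_tampered, _ = verify_bundle(tampered)
    return ok_sealed, ok_reordered, ok_tampered
```

A bare hash inside the file detects corruption in transit and casual edits, but anyone who can edit the bundle can recompute it. For tamper evidence that holds up in a review, record the hash somewhere the bundle's editor cannot reach (the case's own audit trail, a ticket comment, or a write-once store) at export time, or have the exporter sign the bundle.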

From the Cases list view, the Export dropdown button in the toolbar exports all currently visible (filtered) cases to PDF, CSV, or JSON; it does not export individual case details.

PDF export includes: Case title, severity, status, assignee, SLA status, created date, description, linked findings count, and a current filter summary header.