How is the Risk Score on Third-Party Vulnerability Entry (sn_vul_third_party_entry) calculated?

Maloy Banerjee1
Tera Expert

Hi All,

Can anyone explain how the Risk Score on Third-Party Vulnerability Entry (sn_vul_third_party_entry) or Vulnerability Entry (sn_vul_entry) is calculated?

 

In my case, I have a Tenable plugin with ID TEN-35291, and the risk score for this Vulnerability is 54. Unfortunately, I am unable to figure out the formula/calculation behind this.

Please suggest.

 

 


Regards,

Maloy Banerjee

 


Swapna Abburi
Mega Sage

@Maloy Banerjee1 

It is usually calculated from Vulnerability Calculators. You can find the vulnerability calculator rules in the related list of Vul Calculator. Please replace the instance name in the URL below.

https://xxxxxxxx.service-now.com/sn_vul_calculator_group_list.do?sysparm_query=table%3Dsn_vul_vulner...

 

andy_ojha
ServiceNow Employee

Hey there,

The Risk Score (and in turn, Risk Rating) on the Third-Party Entry / Vuln Entry is calculated using the SecOps VR feature called "Vulnerability Rollup Calculator".

The idea is to reflect the risk a given Vulnerability would pose to an environment.

Each Vulnerable Item has a Risk Score (based on your configured Scoring Calculator) that would incorporate environmental factors like Asset Criticality and Internal vs. External, per Vulnerable Item.

The Rollup Calculator aggregates the risk posed by the currently active (not closed) Vulnerable Items tied to that Vulnerability. Other rollups occur similarly using the Rollup Calculator concept (e.g. Remediation Task).

Check out this post for more details:

Reference to Rollup Calculator on Docs: