Security Incident Calculators not working for me. What could I be doing wrong?

Joel Pomales1
Tera Contributor

Hello team.

Quick (and maybe dumb!) question:

I'm trying different security incident calculators here to get fields set and to get a risk score. I've changed conditions, orders, etc., and nothing seems to work. On my PDI, the one that always runs is the last one called 'Business Impact' which runs the 'Aggregate from Severity Calculators' calculator which runs a script include. And even when I turn that off (false), a new incident does not take from the security calculators before it.

What am I missing here?

9 REPLIES

Can you post a screenshot of your config?

Here.

Tried to do the simplest calculator I could think of.

That looks correct. Very weird that it's not working. I'm at a loss as well but will let you know if I think of anything else to try. I would also open a support ticket since it doesn't appear to be working. Hopefully someone else in the community has suggestions while you wait for a response from support.

Hey there - darn, you bumped into a notable easter egg 😉 

We had an older Community Post on this but seems it is archived or I was just not able to find it by searching...

How are you setting the Service on the SIR record? Are you setting the Service by hand - or are you picking a CMDB_CI value, for that Service to populate with some logic?

Wrinkle we had before was around the Order of the Business Rules that run on the SIR Table. 

--> There is a separate Business Rule on the SIR table that sets the Business Impact - and possibly it's fighting with the value you are setting in the Security Incident Calculator
   - Biz Rule for SIR Calculator (Name = Calculate Severity, Order = 40, BEFORE)
   - Biz Rule for Business Impact (Name = Calculate Business Impact, Order = 100, BEFORE)

Sorry. Was busy and had to come back to this.

Manually. So it is my understanding that there may be business rules running that are fighting with my calculator? I'd have to check.

I also modified the one for users so it grabs the department and calculates the risk down. That one doesn't take at all. It takes the one I created, and I disabled the severity calculator script include one.

So maybe it would be a good idea on a brand new implementation to check the business rules and OOTB calculators and see how one influences the other? I like the idea of the risk score on an SI based on factors, but if it's too much of a hassle I don't know how that will work with clients / devs. IMO.