Overview
The Risk Score Calculator in ServiceNow's Zurich Security Management module enables dynamic and customizable scoring of security incidents. This article outlines how to define, modify, and manage risk score rules using both Criteria Builder and Advanced Script options.
Prerequisites
- Role Required: sn_si.admin
- System Property Activation:
Set sn_si_aw.activate_new_risk_score_calculator to true to enable the new calculator.
Key Concepts
- Risk Score Calculation is based on user-defined parameters.
- The base system includes one predefined rule, which can be edited but not deleted or recreated.
- Risk scores are auto-calculated for new and updated security incidents.
- Historical scores can be updated using the Recalculate Score action.
Configuration Steps
1. Navigate to:
Workspaces > Security Incident Response Workspace > Administration > Rules Engine > Risk Score Calculator Rule
2. Select the predefined rule and configure:
FieldDescription
| Name | Name of the rule (e.g., Risk Score Calculator) |
| Description | Purpose of the rule |
| Overall Weightage | Auto-calculated based on enabled criteria |
| Scoring Criteria | Define using Criteria Builder or Script |
Criteria Builder
Use this to add/edit/remove scoring criteria:
- Table Selection: Choose Security Incident or related tables like Affected Users.
- Type: Field or Aggregate (e.g., Count of related records).
- Field: Select relevant fields (e.g., Severity, Priority).
- Weightage: Assign values ensuring total = 100%.
- Conditions: Define logic and scoring thresholds.
✅ Tip: To exclude a field like Affected User, simply disable or remove its criteria from the builder.
Advanced Script Option
Use scripting for custom logic:
- current refers to the GlideRecord of the sn_si_incident table.
- Ideal for complex scoring logic beyond UI configuration.
Recalculate Scores
After modifying rules, use Recalculate Score to apply changes to existing incidents. This runs as a background job.
