Configure risk calculators
Determine which OT risk factors to use when calculating the risk of a vulnerable item on an OT device.
시작하기 전에
In Operational Technology, additional factors can include the OT device criticality, the Purdue Level, and the criticality of the production process that the OT device automates.
Role required: sn_sec_wf.manage_admin_rules
이 태스크 정보
For this step, refer to the Default Risk Calculator with OT vulnerability calculator shipped with the Operational Technology Vulnerability Response application. The Default Risk Calculator with OT is used when risk must be calculated differently for OT and non-OT vulnerable items.
주:
- You can directly access and use the Operational Technology Vulnerability Response Risk Calculator without loading the demo data while installing the plugin. In previous releases, Risk Calculation was included as part of the demo data.
- Because only one vulnerability calculator can be active at a time, the provided Default Risk Rule (non OT) is used as an example for calculating risk for all non-OT vulnerable items.
For more information, see Define fields and weights for the risk rule.
To set the risk score for OT vulnerable items, adjust the weights for the risk rule
records of the OT Default Risk Rule in the demo data. More fields available for OT
in the demo data include:
- Equipment Model Entity Criticality - Use the Service Business criticality rule.
- OT Device Criticality - Use the Configuration item OT device details Device Criticality rule.
- Purdue Level - Use the Configuration item OT device details Purdue level field.
프로시저
다음에 수행할 작업
To set the risk score for all other vulnerable items, copy the existing risk rules to the Default Risk Calculator with OT, and set the order to run after the OT Default Risk Rule.