Define fields and weights for the risk rule

  • Release version: Xanadu
  • Updated August 1, 2024
    Customize the parameters and weights for the risk rule so that you can generate risk scores that use the vulnerability and asset data that are unique to your organization. By selecting the fields that are included in the risk rule, you define an effective risk scoring framework.

    Before you begin

    Role required: sn_vul.app_manage_risk_score_configuration

    Procedure

    1. Navigate to All > Application Vulnerability Response > Administration > Vulnerability Calculators.
    2. On the Vulnerability Calculators page, click Advanced Risk Calculator.
    3. On the Vulnerability Calculator page, open the Vulnerability Calculator Rules tab and click Default Risk Rule.
    4. Optional: In the Risk Calculator Criteria section of the Vulnerability Risk Rule page, set the weight for each criterion according to its importance in the overall risk score calculation.
    5. Clear the Active check box to deactivate the rule while you edit it.
    6. To add risk rule fields to the Risk Calculator Criteria, click Add criteria.
    7. On the form, fill in the fields.
      Table 1. Risk rule field form

      Choose reference table
        Table that you use to define the risk score weightage. Select one of these options:
        • Application Vulnerable Item: Add fields that are directly dot-walkable from the vulnerable item (VI).
        • Application Vulnerable Item - Configuration Item: Add dot-walkable fields that belong to tables that extend the Configuration Item base table (cmdb_ci), such as the Hardware table. These fields are not on cmdb_ci itself.
        • Application Vulnerable Item - Vulnerability: Add dot-walkable fields that belong to tables that extend the Vulnerability Entry base table (sn_vul_entry), such as Third-party Entry. These fields are not on sn_vul_entry itself.
        • Application Vulnerable Item Reference Table: Add fields from related (m2m) tables, or from tables that reference the vulnerable item. These fields are not directly dot-walkable from the VI.
        • Configuration Item Reference Table: Add fields from related (m2m) tables of cmdb_ci, or from tables that reference cmdb_ci. These fields are not directly dot-walkable from the VI.
        • Vulnerability Reference Table: Add fields from related (m2m) tables of sn_vul_entry, or from tables that reference sn_vul_entry. These fields are not directly dot-walkable from the VI.
        • Custom Conditions: Assign a weight to the rule by evaluating a condition instead of a field value. For example, an Internet-facing condition determines whether a configuration item (CI) is external or internal.

      Table
        Appears only when one of these options is selected in Choose reference table:
        • Application Vulnerable Item - Configuration Item
        • Application Vulnerable Item - Vulnerability
        • Application Vulnerable Item Reference Table
        • Configuration Item Reference Table
        • Vulnerability Reference Table
        Select the table that contains the field.

      Field
        Field used for the risk score calculation in this rule.

      Aggregation
        Appears only when a reference table is selected in Choose reference table. Select whether the minimum or the maximum value is used in the calculation when Field comes from a related (m2m) table, which can hold several values per vulnerable item.

      Weight
        Weight of this field within the risk rule. The value must be an integer from 0 through 100.

      Define Value Weightage
        Component for assigning a weight to each field value. For numeric fields, values can be defined as a range (for example, 1–5). Each weight must be an integer from 0 through 100.
        Note: This component does not appear if Custom Conditions is selected in Choose reference table.

      Condition table
        Appears only when Custom Conditions is selected in Choose reference table. Select the table that the condition is evaluated against.

      Field name
        Appears only when Custom Conditions is selected in Choose reference table. Enter a name for the risk criterion.

      Condition
        Appears only when Custom Conditions is selected in Choose reference table. Define the condition, and preview the records in the selected table that match it.
    8. Click Submit.
    9. On the rule page, activate the rule and reapply it to re-evaluate the risk score of the active vulnerable items.

    Example

    Add source severity as a criterion for a risk rule.

    Use case: Third-party vendors, such as Qualys and Tenable, provide their own severity scores. These scores are populated in the Source Severity field on the sn_vul_entry table. To use this score in the risk score calculation, do the following:

    1. Navigate to the Risk rule page.
    2. To deactivate the rule, clear the Active check box.
    3. To add risk rule fields to the Risk Calculator Criteria, click Add criteria.
    4. From the Choose reference table list, select Application Vulnerable Item.
    5. From the Field list, select Vulnerability.Severity.
    6. In the Weight field, enter the relative importance of this field within the risk rule. The value must be an integer from 0 through 100.
    7. In the Define Value Weightage section, add field values and assign a weight to each.
       (Figure: Risk rule example for severity)
    8. Click Submit.
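
    The following Python model is an added illustration, not code from this page or from ServiceNow. It shows how the pieces of the field form above (the criterion Weight, Define Value Weightage for categorical values and numeric ranges, min/max Aggregation for related-table fields, and Custom Conditions) can combine into a score for one vulnerable item, with the Vulnerability.Severity criterion from the example as one of its criteria. The combination formula (a weighted average of the value weights, giving 0 through 100), the treatment of a matching custom condition as full weight, the exclusion of criteria with no mapped value from the average, the weight values, and all field keys and sample records are assumptions made for the illustration, not ServiceNow's documented behaviour.

```python
"""Added model of an Advanced Risk Calculator rule (illustration, not ServiceNow code).

A rule is a list of criteria. Each criterion has a Weight (0..100) within the
rule and maps the value of one vulnerable-item field to a value weight (0..100)
through Define Value Weightage (categorical values or numeric ranges), or is a
Custom Condition. Fields from related (m2m) tables carry several values and are
reduced with the configured min/max Aggregation first. The final formula
(weighted average of value weights) is an assumption made here.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


def check_weight(w) -> int:
    """Every weight on the form must be an integer from 0 through 100."""
    if isinstance(w, bool) or not isinstance(w, int) or not 0 <= w <= 100:
        raise ValueError(f"weight must be an integer from 0 through 100, got {w!r}")
    return w


@dataclass
class Criterion:
    name: str                                   # e.g. "Vulnerability.Severity"
    weight: int                                 # Weight of the criterion within the rule
    source: str = ""                            # key of the field on the VI record (assumed names)
    value_weights: Dict[str, int] = field(default_factory=dict)   # categorical value -> weight
    ranges: List[Tuple[float, float, int]] = field(default_factory=list)  # (lo, hi, weight), inclusive
    aggregation: Optional[str] = None           # "min" or "max" for related-table (m2m) fields
    condition: Optional[Callable[[dict], bool]] = None  # Custom Conditions alternative to a field

    def __post_init__(self) -> None:
        check_weight(self.weight)
        for w in list(self.value_weights.values()) + [r[2] for r in self.ranges]:
            check_weight(w)
        if self.aggregation not in (None, "min", "max"):
            raise ValueError(f"{self.name}: aggregation must be 'min' or 'max'")

    def value_weight(self, vi: dict) -> Optional[int]:
        """Value weight (0..100) of this criterion for the VI, or None if the value is unmapped."""
        if self.condition is not None:
            return 100 if self.condition(vi) else 0   # assumption: a match counts as full weight
        value = vi.get(self.source)
        if isinstance(value, (list, tuple)):          # one value per related (m2m) record
            if not value:
                return None
            if self.aggregation is None:
                raise ValueError(f"{self.name}: related-table field needs min/max aggregation")
            value = (min if self.aggregation == "min" else max)(value)
        if value is None:
            return None
        if isinstance(value, (int, float)) and not isinstance(value, bool):
            return next((w for lo, hi, w in self.ranges if lo <= value <= hi), None)
        return self.value_weights.get(value)


def risk_score(rule: List[Criterion], vi: dict) -> Tuple[float, Dict[str, Optional[int]]]:
    """Weighted average of the criteria's value weights, 0..100 (assumed formula).

    Criteria whose value has no weightage are reported as None in the details
    and left out of the average, so a gap in Define Value Weightage is visible
    instead of silently counting as zero.
    """
    details = {c.name: c.value_weight(vi) for c in rule}
    scored = [c for c in rule if details[c.name] is not None]
    total = sum(c.weight for c in scored)
    if total == 0:
        return 0.0, details
    return round(sum(c.weight * details[c.name] for c in scored) / total, 1), details


# Constructed rule: the page's severity criterion plus three assumed criteria.
DEFAULT_RULE = [
    Criterion("Vulnerability.Severity", weight=40, source="vulnerability.severity",
              value_weights={"Critical": 100, "High": 75, "Medium": 50, "Low": 25}),
    Criterion("Vulnerability.CVSS base score", weight=30, source="vulnerability.cvss_base_score",
              ranges=[(0.0, 3.9, 20), (4.0, 6.9, 50), (7.0, 8.9, 80), (9.0, 10.0, 100)]),
    Criterion("Business service criticality (min)", weight=20,
              source="cmdb_ci.business_service_criticality",   # related (m2m) table field
              ranges=[(1, 1, 100), (2, 2, 60), (3, 4, 20)], aggregation="min"),
    Criterion("Internet facing", weight=10,
              condition=lambda vi: vi.get("cmdb_ci.internet_facing") is True),
]

# Constructed sample vulnerable item (not real data); criticality 1 = most critical service.
SAMPLE_VI = {
    "vulnerability.severity": "High",                 # scanner's Source Severity
    "vulnerability.cvss_base_score": 7.8,
    "cmdb_ci.business_service_criticality": [2, 1, 3],
    "cmdb_ci.internet_facing": True,
}

if __name__ == "__main__":
    score, details = risk_score(DEFAULT_RULE, SAMPLE_VI)
    for name, vw in details.items():
        print(f"{name:40s} value weight = {vw}")
    print(f"risk score = {score}")
```

    Two points worth checking against your own rule before you reactivate it: a value that Define Value Weightage does not cover (a severity string the scanner uses that you did not map) shows up as None in the details rather than as a silent zero, and a related-table field with several values behaves very differently under min than under max, so confirm which aggregation the rule is set to.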