Operations Dashboard identifies at-risk assets, and provides remediation and suggested preventative options to manage the risk to your environment.
The Risk Assessment tab of the Device Profile, Account Profile, Service Account Profile, and Cloud Asset Profile screens displays the Risk Indicators table, which provides details about the risk events affecting your assets. By mitigating
the effects of the risk events and taking measures to prevent repeat events, you can
lower your company's overall risk index. Expand each row to view remediation actions
to manage each event as well as available attack prevention/detection rules you can apply to mitigate the event.
After performing remediation actions, create a Zero Trust Secure Access rule to automatically
respond to similar attacks in the future. For more information, see Secure access rules.
The following table outlines remediation actions for common risk factors.
|
Risk Factor
|
Event Type
|
Remediation Actions
|
|
Account compromise
|
Leaked account
|
Disable or reset this account with a strong password.
|
|
Credential anomaly
|
Investigate the event using the Workbench.
|
|
|
Email attack
|
Quarantine or delete the message using the product console.
|
|
|
Account access
|
Contact account owner to verify this event. Disable the account as required.
|
|
|
Anomaly detection
|
Account access
|
Contact account owner to verify this event. If risky, disable or reset this account
with a strong password.
|
|
Device access
|
Contact device owner to verify this event. If risky, disable or reset this
device.
|
|
|
Threat detections
|
<all>
|
Check event details on product management server.
|
|
Vulnerability Assessment
|
Operating system vulnerability
|
Apply the latest patch or upgrade the operating system version.
|
|
Application vulnerability
|
Apply the latest patch or upgrade the application version.
|
|
|
XDR detections
|
<all>
|
Investigate the event using the Workbench.
|