Views:

View the types of actions you can take to reduce the Risk Index.

The following table outlines the actions that directly impact the Risk Index.
Note
Note
The Risk Index automatically updates every four hours. Changes to the status of risk events are reflected in the Risk Index after up to one hour. You may also manually recalculate the Risk Index by clicking the Recalculate button. Manual recalculations take up to one hour to display.
Action
Description
Remediate risk events
Taking the recommended remediation steps might automatically adjust the Risk Index, depending on the risk event.
For example, Attack Surface Risk Management recommends applying the latest patches or upgrading the operating system whenever vulnerability-related risk events are detected. As vulnerability assessments are conducted daily, vulnerabilities that are patched today do not affect the calculation of tomorrow's Risk Index.
Apply attack prevention/detection rules
If you have other Trend Micro products connected to Trend Vision One, you may apply rules or filters to the affected assets to mitigate vulnerabilities and lower the Risk Index. Supported Trend Micro products include:
  • Trend Cloud One - Endpoint & Workload Security
  • Trend Micro Apex One
  • Trend Micro Deep Security
  • Standard Endpoint Protection
  • Server & Workload Protection
  • TippingPoint Security Management System
  • Worry Free Services
Change the status of risk events
To track your remediation progress, you can change the status of risk events. Changing the status of risk events affects individual asset risk scores and ultimately your organization's Risk Index.
Risk events for all risk factors except for XDR detection can be marked as one of the five following statuses:
  • New: Newly reported events requiring processing. New events affect individual risk scores and the Risk Index.
  • In progress: Events that are undergoing processing. In progress events affect individual risk scores and the Risk Index.
  • Remediated: Events that have been properly handled. Remediated events do not affect the Risk Index until a new instance of the event is reported.
  • Dismissed: Events that have been manually marked as posing no risk to your organization. Dismissed events do not affect the Risk Index until a new instance of the event is reported or an event rule for the risk event is created.
  • Accepted: Events that have been marked as too difficult or expensive to address. Accepted events continue to affect the Risk Index until they are remediated or dismissed.
Note
Note
The Risk Index might take up to 30 minutes to update after changing the status of a risk event.
The status of XDR detection-related risk events that have an assigned workbench alert can only be changed in the Workbench app.
Create event rules for risk event instances
When marking a risk event as Dismissed, you may create an event rule so that future instances of the event are not reported and do not contribute to your Risk Index.
  1. Change the status of a risk event to Accepted or Dismissed.
  2. In the Mark as Dismissed or Mark as Accepted dialog, select Create event rule for the selected risk event.
  3. Click Event rule settings.
  4. Select the scope for the new event rule under Apply to.
  5. If supported for the risk event type, you may also set additional parameters for the event rule.
    • Event rules with set parameters only apply when the parameters are met. Risk event instances that do not meet rule parameters are still reported, which impacts your Risk Index.
To view, remove, reactivate, or edit previously created event rules, go to Event Rule Management.