Views:

View information about high-impact risk events and remediation steps that you must complete to achieve specific risk reduction goals.

Risk Reduction Measures provides a structured and targeted approach to reducing your Risk Index. After you select a risk reduction goal, the widget displays the risk events with the highest impact on the Risk Index, the assets most affected by these events, and the recommended remediation steps. To access the widget, go to Operations DashboardRisk FactorsRisk Reduction Measures.
Note
Note
The Risk Index automatically updates every four hours. Changes to the status of risk events are reflected in the Risk Index after up to one hour. You may also manually recalculate the Risk Index by clicking the Recalculate button. Manual recalculations take up to one hour to display.
Updating the Risk Index after remediation might take up to 24 hours to complete, depending on the connected data sources used.
The following table outlines the actions you can perform on the widget.
Action
Description
Click Select a Goal to choose an available risk reduction goal or specify your own goal.
View a summary of the risk events that you must remediate to achieve the selected goal
The widget shows information about risk events with the highest impact on your Risk Index, including the following:
  • Type and quantity of assets most impacted by the risk event
  • Real-time impact of remediation on the Risk Index
  • Recommended remediation steps
    Note
    Note
    Following these recommendations might automatically adjust the Risk Index, depending on the risk event remediated.
Data in the summary table is updated every 4 hours while changes to asset details take effect immediately. Any inconsistencies might be resolved whenever the summary table is updated.
View information about the assets that were most impacted by each risk event
Click any risk event to view the list of most impacted assets with available remediation actions. Attack Surface Risk Management recommends prioritizing these assets so you can achieve the selected risk reduction goal.
The list only includes assets with risk events that are marked "New" and "In progress".
Important
Important
For customers that have updated to the Foundation Services release, additional details are only available for devices within the asset visibility scope of the current user.
Change the status of risk events.
To track your remediation progress, you can change the status of risk events. Changing the status of risk events affects individual asset risk scores and ultimately your organization's Risk Index.
Risk events for all risk factors except for XDR detection can be marked as one of the five following statuses:
  • New: Newly reported events requiring processing. New events affect individual risk scores and the Risk Index.
  • In progress: Events that are undergoing processing. In progress events affect individual risk scores and the Risk Index.
  • Remediated: Events that have been properly handled. Remediated events do not affect the Risk Index until a new instance of the event is reported.
  • Dismissed: Events that have been manually marked as posing no risk to your organization. Dismissed events do not affect the Risk Index until a new instance of the event is reported or an event rule for the risk event is created.
  • Accepted: Events that have been marked as too difficult or expensive to address. Accepted events continue to affect the Risk Index until they are remediated or dismissed.
Note
Note
The Risk Index might take up to 30 minutes to update after changing the status of a risk event.
The status of XDR detection-related risk events that have an assigned workbench alert can only be changed in the Workbench app.
Create event rules for risk event instances
When marking a risk event as Dismissed, you may create an event rule so that future instances of the event are not reported and do not contribute to your Risk Index.
When marking a risk event as Accepted, you may create an event rule that automatically marks all current and future instances of the risk event as Accepted within a specified time period. Accepted rules still contribute to your Risk Index.
  1. Change the status of a risk event to Accepted or Dismissed.
  2. In the Mark as Dismissed or Mark as Accepted dialog, select Create event rule for the selected risk event.
  3. Click Event rule settings.
  4. Select the scope for the new event rule under Apply to.
  5. If supported for the risk event type, you may also set additional parameters for the event rule.
    • Event rules with set parameters only apply when the parameters are met. Risk event instances that do not meet rule parameters are still reported, which impacts your Risk Index.
To view, remove, reactivate, or edit previously created event rules, go to Event Rule Management.
Create or view a case for a risk event
Click the number in the case column to view current cases involving the specified risk event. Click the options icon (options=ddb0b67f-0654-4aa5-8bc7-48ec554c5448.png) to open a new case for the risk event or add the case to an existing risk event. This option is not available for XDR detection or Vulnerabilities risk events.
View information about all actionable risk events.
Click All risk events to view the list of all risk events identified in the last 30 days with available remediation actions. You can also view information about all assets impacted by each risk event.
Displays the overall Risk Index overview for your organization over the last 7 days and the specific risk categories that contribute to the score.
The Risk Reduction Measures widget lists risk events and related assets with the highest impact on your Risk Index and suggests effective remediation steps based on your selected risk reduction goal. Click Select a Goal to change the risk reduction goal.