Views:

View the types of actions you can take to reduce the Risk Index.

The following table outlines the actions that directly impact the Risk Index.
Action
Description
Remediate risk events
Taking the recommended remediation steps might automatically adjust the Risk Index, depending on the risk event.
For example, Attack Surface Risk Management recommends applying the latest patches or upgrading the operating system whenever vulnerability-related risk events are detected. As vulnerability assessments are conducted daily, vulnerabilities that are patched today do not affect the calculation of tomorrow's Risk Index.
Change the status of risk events
To track your remediation progress, you can change the status of risk events. Changing the status of risk events affects individual asset risk scores and ultimately your organization's Risk Index.
Risk events for all risk factors except for XDR detectioncan be marked as one of the five following statuses:
  • New: Newly reported events requiring processing. New events affect individual risk scores and the Risk Index.
  • In progress: Events that are undergoing processing. In progress events affect individual risk scores and the Risk Index.
  • Remediated: Events that have been properly handled. Remediated events do not affect the Risk Index until a new instance of the event is reported.
  • Dismissed: Events that have been manually marked as posing no risk to your organization. Dismissed events do not affect the Risk Index until a new instance of the event is reported or an event rule for the risk event is created.
  • Accepted: Events that have been marked as too difficult or expensive to address. Accepted events continue to affect the Risk Index until they are remediated or dismissed. When marking a risk event as Accepted, you may create an event rule to mark current and future instances of the event as Accepted for a specified time period.
Note
Note
The Risk Index might take up to 30 minutes to update after changing the status of a risk event.
When marking a risk event as Dismissed, you may create an event rule so that future instances of the event are not reported and do not contribute to your Risk Index.
  1. In the Mark as Dismissed or Mark as Accepted dialog, select Create event rule for the selected risk event.
  2. Click Event rule settings.
  3. Select the scope for the new event rule under Apply to.
To view and remove previously created event rules, go to Event Rule Management.
The status of XDR detection-related risk events that have an assigned workbench alert can only be changed in the Workbench app.