Security exposure index
Navigate to Dashboard -> Auditor and scroll down to the Auditor Ruleset and Integrity Check graphs. The graphs show the timeline of the overall security score, separately for Ruleset and Integrity Check.
Every generated event has a severity, which is user-defined according to your own preference.
|Alert severity|Default multiplicator|
|---|---|
|Low|1|
|Medium|2|
|High|3|
|Critical|4|
The overall score is a number showing the aggregated score of all the generated alerts. Ideally the number should be 0 (zero) or as low as possible.
How is the overall score calculated
The result is calculated by multiplying the number of alerts of each severity level by their respective default multiplicators and summing them together.
- Example: There are 10 low, 5 medium, 3 high and 2 critical alerts.
- Result: (10 x 1) + (5 x 2) + (3 x 3) + (2 x 4) = 37
It is possible to override the default multiplicator for a specific auditor rule which has the critical severity. For example, there is a rule making sure there is no any/any security policy which allows all the traffic; this specific rule has a user-overridden priority of 10.
- Example: Let’s assume the same example as above, but there is one event generated by the override rule, which has a severity high but with score 10.
- Result: (10 x 1) + (5 x 2) + (3 x 3) + (1 x 4) + (1 x 10) = 44
How to override the default score
You can change the default score (4) for every auditor rule which has severity critical. Note that you can only override the score for critical severity, not for any lower severity.
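The calculation and the critical-only override rule described above, as an added Python example (not code from the product or the original page). The rule names, including `no-any-any-policy`, and the alert list are constructed for illustration; the default multiplicators are the ones used in the worked example above.

```python
# Default multiplicators, as used in the page's worked example.
DEFAULT_SCORE = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def exposure_score(alerts, overrides=None):
    """Return the overall score for a set of alerts.

    alerts    -- iterable of (rule_name, severity) tuples, one per alert
    overrides -- {rule_name: score}; accepted only for critical-severity rules
    """
    overrides = overrides or {}
    total = 0
    for rule, severity in alerts:
        if severity not in DEFAULT_SCORE:
            raise ValueError(f"unknown severity {severity!r} for rule {rule!r}")
        if rule in overrides:
            # The score can be overridden for critical severity only.
            if severity != "critical":
                raise ValueError(
                    f"rule {rule!r} is {severity}; only critical rules can be overridden"
                )
            total += overrides[rule]
        else:
            total += DEFAULT_SCORE[severity]
    return total


def sample_alerts(any_any_hit=False):
    """Constructed data: 10 low, 5 medium, 3 high and 2 critical alerts."""
    alerts = (
        [("rule-low", "low")] * 10
        + [("rule-medium", "medium")] * 5
        + [("rule-high", "high")] * 3
        + [("rule-critical", "critical")]
    )
    # The second critical alert comes either from an ordinary rule or from
    # the hypothetical overridden any/any rule.
    second = "no-any-any-policy" if any_any_hit else "rule-critical"
    alerts.append((second, "critical"))
    return alerts


if __name__ == "__main__":
    overrides = {"no-any-any-policy": 10}  # hypothetical rule name
    print("defaults only:", exposure_score(sample_alerts()))
    print("one overridden critical:", exposure_score(sample_alerts(True), overrides))
```

An override attached to a rule whose alerts are not critical raises `ValueError` instead of silently changing the score.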