Managing risks
Display additional information
To view additional information on a specific misconfiguration, find it in the grid and click anywhere on the row it is located on to display the Additional information panel.
The panel displays different information, based on the type of risk and the related information currently available:
General
This section contains general information regarding the risk:
Misconfiguration type - The type of the misconfiguration.
Risk score - The risk score of the Misconfiguration.
Status - The status of the Misconfiguration
State - The state of the Misconfiguration
OS - The type of operating system that is affected by the Misconfiguration.
Mitigation type - The type of mitigation that can be applied to this Misconfiguration.
Compliance - The compliance standards corresponding to the check that resulted in the detection of the misconfiguration.
In watchlist - Indicates if this Misconfiguration has been added to your watchlist.
Additionally, the following actions are available:
View devices - This link takes you to the Devices page, where it displays all devices affected by this Misconfiguration.
Add to watchlist - Add this Misconfiguration to your watchlist.
Details
Risks are created as a result of a specific check belonging to a security standard failing. This section provides details on what the check entailed and what requirements the security standard contained.
Compliance
This section provides you with information on the Security Standard used for the scan that created the risk, along with the section and subsection the security requirement can be found under.
Risk mitigation
This section provides information on the steps required to fix the risk.
Additionally, the following options are available:
Fix risk - This action automatically applies the steps required to fix the risk.
This option is not available for all misconfigurations.
Ignore risk - Ignore the selected risk.
Devices
This section provides you with a list of devices where this risk has been detected.
Selecting any of the devices displays a list of affected resources from the selected device.
General
This section contains general information regarding the risk:
Application type - The type of the application.
Risk score - The risk score of the vulnerable application.
State - The state of the vulnerable application.
OS - The type of operating system that is affected by the vulnerable application.
Targets your industry - Indicates if any of the vulnerabilities detected for the selected application targets your industry.
In watchlist - Indicates if the vulnerable application is currently in the watchlist.
Additionally, the following actions are available:
View devices - This link takes you to the Devices page, where it displays all devices affected by this vulnerable application.
Add to watchlist - Add this vulnerable application to your watchlist.
Risk mitigation
This section provides information on the steps required to fix the risk.
Additionally, the following options are available:
Patch app - This option automatically updates the app to the latest available version that fixes the vulnerability. For more information, refer to Risk mitigation (fixing risks).
Ignore application - Ignore selected vulnerable application.
Devices
This section provides you with a list of devices where this risk has been detected.
Selecting any of the devices displays a list of affected resources from the selected device.
CVE ID
This section lists all CVEs related to this application.
Click on the title of the CVE to display a description and the following links:
View CVE database - Opens a link in a new browser tab to the official page of the CVE.
View devices - Open the Devices page in a new tab, searching for all the devices where the CVE applies.
General
This section contains general information regarding the risk:
Risk score - The risk score of the User behavior risk.
Status - The status of the User behavior risk.
State - The state of the User behavior risk.
OS - The type of operating system that is affected by the User behavior risk.
Mitigation type - The type of mitigation that can be applied to this User behavior risk.
Compliance - The compliance standards corresponding to the check that resulted in the detection of the misconfiguration.
In watchlist - Indicates if the User behavior risks currently in the watchlist.
Additionally, the following actions are available:
View users - This link takes you to the Users page, where it displays all the users that this risk applies to.
Add to watchlist - Add this risk to your watchlist.
Details
Risks are created as a result of a specific check belonging to a security standard failing. This section provides details on what the check entailed and what requirements the security standard contained.
Compliance
This section provides you with information on the Security Standard used for the scan that created the risk, along with the section and subsection the security requirement can be found under.
Risk mitigation
This section provides information on the steps required to fix the risk.
Additionally, the following options are available:
Ignore risk - Ignore the selected risk.
Users
This section provides you with a list of users where this risk has been detected.
General
This section contains general information regarding the device:
Risk score - The risk score of the device.
Device type - The type of the device.
OS - The type of operating system that is affected by the device.
FQDN - The FQDN address of the device.
IP - The IP address of the device.
MAC - The Mac address of the device.
Device tags - The endpoint tags applied to the device.
For more information, refer to Using endpoint tags.
Status - The status of the device.
State - The state of the device.
CVEs - The number of CVEs that apply to the device.
In watchlist - Indicates if the device is currently in the watchlist.
Additionally, the following actions are available:
View users - This link takes you to the Users page, where it displays all users that are associated with this device.
Add to watchlist - Add this device to your watchlist.
View events and alerts - This link takes you to the Search page, where it displays all EDR and XDR events and alerts associated with this device.
View incidents - This link takes you to the Incidents page, where it displays all EDR and XDR incident associated with this device.
Risk mitigation
This section provides a list of actions you can take on the device.
The following options are available:
Fix risk - Fixes all the risks that have automatic mitigation and are associated with the selected device.
Ignore device - Ignores the device.
Isolate devices - Isolate the device from all local and external connections and networks.
Misconfigurations
This section provides you with a list of all misconfigurations found for the selected device.
App vulnerabilities
This section provides you with a list of all vulnerabilities found for the selected device.
General
This section contains general information regarding the risk:
User name - The name of the User.
Risk score - The risk score of the User.
Department - The department the user is assigned to.
User devices - The number of devices that this is assigned to, grouped per endpoint type.
Email - The email address of the user.
Status - The status of the User.
State - The state of the User.
In watchlist - Indicates if the Users currently in the watchlist.
Additionally, the following actions are available:
View risks - This link takes you to the User behavior risks page, where it displays the risks that are associated with this user.
Add to watchlist - Add this device to your watchlist.
View events and alerts - This link takes you to the Search page, where it displays all EDR and XDR events and alerts associated with this user.
View incidents - This link takes you to the Incidents page, where it displays all EDR and XDR incident associated with this user.
Risk mitigation
This section provides the actions available for this device.
The following options are available:
Ignore user - Ignore all the risks associated to the selected user.
Local / AD
This section provides you with a list of risk associated to that specific user.
Risk mitigation (fixing risks)
Risk mitigation involves taking action to remediate the source of the detected vulnerability. This may involve actions such as changing settings, updating software, modifying policies, changing passwords, and more.
There are several ways you can resolve a risk:
Automatic mitigation - You can use this option to create a task that will automatically make the necessary modifications to fix the issue. This option is available only for Misconfigurations.
Manual mitigation - This option needs to be performed manually. Specific threats needs actions taken that can not be automated. The steps required to fix the risk can be found in the Additional information side panel, under the Risk mitigation section.
Patch app - This option automatically updates the app to the latest available version that fixes the vulnerability.
For this option to be available, the following requirements must be met:
Your license must include access to the Patch Management feature.
The endpoint where the risk was detected must have the Patch Management module installed.
The endpoint where the risk was detected must have a policy installed that has the Patch Management feature enabled.
An update must be available that includes a fix for the detected vulnerability.
Important
After fixing a risk, a new scan may not immediately reflect the update. It can take up to an hour for the changes to be accurately detected.
Ignoring risks
If there are certain risks that you feel cannot be resolved at the moment, you can temporarily remove them from the list of displayed risks to reduce the clutter. Doing this will also remove from the risk from the data processed by the Risk Management Dashboard.
You can do this using one of these methods:
Find the risk using one of the Risk Management pages.
Select the corresponding checkbox under the first column on the right side of the page. You can select multiple risks.
Click the State button on the top of the list and select Ignore threat.
Alternatively, you can click the Ignore threat button found in the Additional information panel, under the Risk mitigation section.
Note
You can reverse this action by repeating the process, selecting the Restore ignored risks option instead.
Working with Watchlists
Watchlists are default smart views that start off as empty and provide you with a way of tracking high priority risks. Each page under the Risk Management section has it's own watchlist.
To add a risk to a watchlist follow these steps:
Find the risk using one of the Risk Management pages.
Select the corresponding checkbox under the first column on the right side of the page. You can select multiple risks.
Click the Watchlist button on the top of the list and select Add to watchlist.
Alternatively, you can click the Add to watchlist button found in the Additional information panel, under the General section.
Note
You can reverse this action by repeating the process, selecting the Remove from watchlist instead.
To view a watchlist, click the Watchlist option under the Default section in the Smart views panel.
