Managing risks
Display additional information
To view additional information about a specific finding in a side panel, locate it in the grid and click anywhere on its row, except the Affected resources column.
The panel displays specific information that varies based on the type of risk and the related data available.
General
This section contains general information regarding the risk:
Finding type - The type of the finding.
Risk score - The risk score of the finding.
Status - The status of the finding
State - The state of the finding
Platform - The type of operating system affected by the finding.
Mitigation type - The type of mitigation that can be applied to this finding.
Compliance - The compliance standards corresponding to the check that resulted in the detection of the finding.
In watchlist - Indicates if the finding has been added to your watchlist.
Additionally, the following actions are available:
View resources - This link redirects you to the Devices page, where you can view all resources affected by this finding.
Add to watchlist - Add the finding to your watchlist.
Details
Risks are created as a result of a specific check belonging to a security standard failing. This section provides details on what the check entailed and what requirements the security standard contained.
Compliance
This section provides you with a list of security standards on which the scan is based, along with the sections and subsections containing the security requirement.
Risk mitigation
This section provides information on the steps required to fix the risk.
Additionally, the following options are available:
Fix risk - This action automatically applies the steps required to fix the risk.
Note
This option is not available for all findings.
Roll back risk - Reverse the changes performed by the previous Fix risk request.
Note
This option is not available for all findings.
Ignore risk - Ignore the selected risk.
Resources
This section provides you with a list of resources where this risk has been detected.
Selecting any of the resources displays a list of affected resources from the selected resource.
General
This section contains general information regarding the risk:
Application type - The type of the vulnerable application.
Risk score - The risk score of the vulnerable application.
State - The state of the vulnerable application.
Platform - The type of operating system that is affected by the vulnerable application.
Targets your industry - Indicates if any of the vulnerabilities detected for the selected application targets your industry.
In watchlist - Indicates if the vulnerable application is currently in the watchlist.
Additionally, the following actions are available:
View resources - This link redirects you to the Devices page, where you can view all the resources affected by this vulnerable application.
Add to watchlist - Add the vulnerable application to your watchlist.
Risk mitigation
This section provides information on the steps required to fix the risk.
Additionally, the following options are available:
Patch app - This option automatically updates the app to the latest available version that fixes the vulnerability. For more information, refer to Risk mitigation (fixing risks).
Ignore application - Ignore the selected vulnerable application.
Resources
This section provides you with a list of resources where this risk has been detected.
Selecting any of the resources displays a list of associated vulnerabilities.
CVE ID
This section lists all CVEs related to this application.
Click on the title of the CVE to display a description and the following links:
View CVE database - Opens a link in a new browser tab to the official page of the CVE.
View resources - Open the Resources page in a new tab, searching for all the resources where the CVE applies.
General
This section contains general information regarding the risk:
Risk score - The risk score of the identity risk.
Status - The status of the identity risk.
State - The state of the identity risk.
Platform - The type of operating system that is affected by the identity risk.
Mitigation type - The type of mitigation that can be applied to this identity risk.
Compliance - The compliance standards corresponding to the check that resulted in the detection of the finding.
In watchlist - Indicates if the identity risk is currently in the watchlist.
Additionally, the following actions are available:
View identities - This link takes you to the Identities page, where it displays all the identities that this risk applies to.
Add to watchlist - Add this risk to your watchlist.
Details
This section outlines the requirements and verification processes involved in conducting the check that identified this identity risk.
Compliance
This section provides you with a list of security standards on which the scan is based, along with the sections and subsections the security requirement can be found under.
Risk mitigation
This section provides information on the steps required to fix the risk.
Additionally, the following options are available:
Ignore risk - Ignore the selected risk.
Identities
This section provides you with a list of identities where this risk has been detected.
General
This section contains general information regarding the resource:
Risk score - The risk score of the resource.
Resource type - The type of the resource.
Platform - The type of operating system that is affected by the resource.
FQDN - The FQDN address of the resource.
IP - The IP address of the resource.
MAC - The Mac address of the resource.
Endpoint tags - The endpoint tags applied to the resource.
For more information, refer to Using endpoint tags.
Status - The status of the resource.
State - The state of the resource.
Last scanned on - The timestamp for the last time the resource was scanned.
Findings - The number of findings detected on this resource.
CVEs - The number of CVEs that affect the resource.
In watchlist - Indicates if the resource is currently in the watchlist.
Additionally, the following actions are available:
View identities - This link takes you to the Users page, where it displays all identities that are associated with this resource.
Add to watchlist - Add this resource to your watchlist.
View events and alerts - This link takes you to the Search page, where it displays all EDR and XDR events and alerts associated with this resource.
View incidents - This link takes you to the Incidents page, where it displays all EDR and XDR incident associated with this resource.
Risk mitigation
This section provides a list of actions you can take on the resource.
The following options are available:
Fix risk - Fixes all the risks that have automatic mitigation and are associated with the selected resource.
Note
This option is not available for all resources.
Roll back risk - Reverse the changes performed by the previous Fix risk request.
Note
This option is not available for all resources.
Ignore resource - Ignores the resource.
Isolate resources - Isolate the resource from all local and external connections and networks.
Findings
This tab provides you with a list of all findings found for the selected resource.
App vulnerabilities
This tab provides you with a list of all vulnerabilities found for the selected resource.
General
This section contains general information regarding the risk:
Risk score - The risk score of the identity.
Identity type - The type of the identity.
Department - The department the identity is assigned to.
Identity resources - The number of resources that this identity typically uses or has logged in to in the past 30 days.
Email - The email address of the identity.
Platforms - The operating systems where this identity was detected.
Last scanned on - The timestamp for the last time the identity was last scanned.
Status - The status of the identity.
State - The state of the identity.
In watchlist - Indicates if the identities currently in the watchlist.
Additionally, the following actions are available:
View risks - This link takes you to the User behavior risks page, where it displays the risks that are associated with this identity.
Add to watchlist - Add this resource to your watchlist.
View events and alerts - This link takes you to the Search page, where it displays all EDR and XDR events and alerts associated with this identity.
View incidents - This link takes you to the Incidents page, where it displays all EDR and XDR incident associated with this identity.
Risk mitigation
This section provides the actions available for this resource.
The following options are available:
Ignore identity - Ignore all the risks associated to the selected identity.
Identity risks
This section provides you with a list of risk associated to that specific identity.
Display affected resources
When viewing risks in any grid, you can display a full list of affected resources by clicking on the corresponding value under the Affected resources column.
This will display the Affected resources sidebar:
Clicking on the menu button next to any resource will provide you with the following options:
View resource - This option opens the Resources page in a new tab, where filters will be automatically configured to display only the selected resource.
View incidents - This option opens the Incidents page in a new tab, where filters will be automatically configured to display all incidents where this resource was involved.
Risk mitigation (fixing risks)
Risk mitigation involves taking action to remediate the source of the detected vulnerability. This may involve actions such as changing settings, updating software, modifying policies, changing passwords, and more.
There are several ways you can resolve a risk:
Automatic mitigation - You can use this option to create a task that will automatically make the necessary modifications to fix the issue. This option is available only for findings.
Manual mitigation - This option needs to be performed manually. Specific threats needs actions taken that can not be automated. The steps required to fix the risk can be found in the Additional information side panel, under the Risk mitigation section.
Patch app - This option automatically updates the app to the latest available version that fixes the vulnerability.
For this option to be available, the following requirements must be met:
Your license must include access to the Patch Management feature.
The endpoint where the risk was detected must have the Patch Management module installed.
The endpoint where the risk was detected must have a policy installed that has the Patch Management feature enabled.
An update must be available that includes a fix for the detected vulnerability.
Important
After fixing a risk, a new scan may not immediately reflect the update. It can take up to an hour for the changes to be accurately detected.
Roll back fixes
Mitigation for specific risks also comes with a reverse option. After applying a fix for a finding or a resource, you can use the Roll back risk option to automatically reverse all changes performed by the Fix risk task.
To perform a roll back fix, follow these steps:
Identify the risk using one of the sections from Risk Management.
Select the corresponding checkbox under the first column on the grid. You can select multiple risks.
Click the Fix risk button on the top of the list and select Roll back fixes.
Alternatively, you can click the Roll back fix button located in the Additional information panel, under the Risk mitigation section.
Ignore risks
If there are certain risks that you feel cannot be resolved at the moment, you can temporarily remove them from the list of displayed risks to reduce the clutter. Doing this will also remove from the risk from the data processed by the Risk Management Dashboard.
You can do this using these steps:
Find the risk using one of the Risk Management pages.
Select the corresponding checkbox under the first column on the right side of the page. You can select multiple risks.
Click the State button on the top of the list and select Ignore threat.
Alternatively, you can click the Ignore threat button found in the Additional information panel, under the Risk mitigation section.
Note
You can reverse this action by repeating the process, selecting the Restore ignored risks option instead.
Work with Watchlists
Watchlists are default smart views that start off as empty and provide you with a way of tracking high priority risks. Each page under the Risk Management section has it's own watchlist.
To add a risk to a watchlist follow these steps:
Find the risk using one of the Risk Management pages.
Select the corresponding checkbox under the first column on the right side of the page. You can select multiple risks.
Click the Watchlist button on the top of the list and select Add to watchlist.
Alternatively, you can click the Add to watchlist button found in the Additional information panel, under the General section.
Note
You can reverse this action by repeating the process, selecting the Remove from watchlist instead.
To view a watchlist, click the Watchlist option under the Default section in the Smart views panel.
