Risk Factors - User Guide - 2 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Expander User Guide

Creation date
Last date published
User Guide

Cortex Xpanse uses a set of Risk Factors when calculating incident risk scores.

Cortex Xpanse uses the set of Risk Factors described below when calculating risk scores. Risk Factors are associated with alerts, so an incident (which is a collection of alerts) will have one or more risk factors. You can view the risk factors associated with an incident on the Risk tab of the incident details pane.

The following table provides a brief description of each of the risk factors that can impact a risk score.

Table 2. Risk Factors Used in Xpanse Risk Scoring

Risk Factor

Brief Description

Critical System

High value systems such as ICS/SCADA, Domain Controllers, Medical Systems.

EOL System

Any product that is End-of-Life or has EOL/legacy versions.

Exposed Login

Any product where unintentional exposure of a login portal or authentication system is likely.


Any product that we don't find inherently risky.

IoT System

Physical asset products such as surveillance cameras or embedded systems.


Any product where there's a significant risk of unintentional misconfiguration.

No Cryptography

Any service where no cryptography is implemented (i.e. unencrypted logins).

Potential Data Loss

Any product where unintentional exposure of non-public data or storage locations is likely.

Privileged Access

Any product that can be used to manage or administer computational resources.

Remote Access

Any product that enables remote access into a network.


Any product/service/protocol for which a CVE exists or that we deem to be risky most of the time (for example, RDP).

Weak Cryptography

Any product that implements cryptography that is easy to exploit.