Cortex Xpanse uses a set of Risk Factors when calculating incident risk scores.
Cortex Xpanse uses the set of Risk Factors described below when calculating risk scores. Risk Factors are associated with alerts, so an incident (which is a collection of alerts) will have one or more risk factors. You can view the risk factors associated with an incident on the Risk tab of the incident details pane.
The following table provides a brief description of each of the risk factors that can impact a risk score.
Risk Factor | Brief Description |
|---|---|
Critical System | High value systems such as ICS/SCADA, Domain Controllers, Medical Systems. |
EOL System | Any product that is End-of-Life or has EOL/legacy versions. |
Exposed Login | Any product where unintentional exposure of a login portal or authentication system is likely. |
Informational | Any product that we don't find inherently risky. |
IoT System | Physical asset products such as surveillance cameras or embedded systems. |
Misconfiguration | Any product where there's a significant risk of unintentional misconfiguration. |
No Cryptography | Any service where no cryptography is implemented (i.e. unencrypted logins). |
Potential Data Loss | Any product where unintentional exposure of non-public data or storage locations is likely. |
Privileged Access | Any product that can be used to manage or administer computational resources. |
Remote Access | Any product that enables remote access into a network. |
Vulnerable | Any product/service/protocol for which a CVE exists or that we deem to be risky most of the time (for example, RDP). |
Weak Cryptography | Any product that implements cryptography that is easy to exploit. |