Prioritization Rules are used by Strobes to generate a priority score for a vulnerability which can be used by the IT, Patch management and Development teams to better understand the risk that a vulnerability poses to the organisation and prioritise which vulnerabilities to fix. There are four metrics based on which Strobes calculates the priority score. The metrics are:
- Exploit availability
- Asset Exposure
- Asset Sensitivity
By default the weightage among the four metrics is distributed as follows:
Exploit availability - 50%
SLA - 10%
Asset Exposure - 20%
Asset Sensitivity - 20%
In the Prioritization Rules page you will find the following three options:
- Edit Ruleset
- Restore Default
- Simulate Prioritization Score
Edit Ruleset : Using Edit Ruleset, you can edit the weightage given to the SLA, Asset Exposure and Asset Sensitivity metrics . The weightage for Exploit availability cannot be changed. The following are the usage flow instructions:
- Click on 'Edit Ruleset'.
- Enter the weightage which you need to assign in the ‘Weightage in %’ fields for the metrics which you need to edit. For the sake of demonstration we are editing the default weightage and changing the value of SLA to 0% and the remaining metrics to 25% each.
- Click on ’Save’. Your rules will be applied and will now be used to calculate the priority score across all the vulnerabilities in your organization.
Restore Default : This option simply restores the default Strobes weightage for all the metrics.
Simulate Prioritization Score : Using this option you can test your prioritization weightage. The following are the usage flow instructions:
- Click on ‘Simulate prioritization score’.
- Choose a vulnerability from the dropdown.
- Now click on ‘Simulate prioritization score’.
- A Prioritization Score will now be displayed.
Article is closed for comments.