Enterprise Recon Cloud 2.12.0
How To Use Risk Scoring and Labeling
PRO This feature is only available in Enterprise Recon Cloud PRO Edition. To find out more about upgrading your ER Cloud license, please contact Ground Labs Licensing. See Subscription License for more information.
This section covers the following:
Overview
Not all sensitive data findings are equal. Vulnerable systems that contain prohibited sensitive data need to be secured right away, while some may have already been acted upon and do not need immediate attention.
With the Risk Scoring and Labeling feature, you can create Risk Profiles configured with custom rules, labels, and risk scores (or risk levels) to classify the sensitive data discovered across your organization.
ER Cloud automatically maps each sensitive data match location with the associated Risk Profiles and displays this information in the Investigate page, empowering you to focus and take action on the sensitive data findings that matter most.
How Risk Scoring and Labeling Works
For a more detailed explanation on how this feature works, refer to the Analysis - How Risk Scoring and Labeling Works section.
Requirements
| Requirements | Description |
|---|---|
| License | Enterprise Recon Cloud PRO license. |
| User Permissions |
A Global Admin user has administrative privileges to access and configure all
ER Cloud resources and is therefore
not included in the list above.
|
Manage Risk Profiles
Users with Global Admin and Risk Admin global permissions can create, modify, delete or define the priority of Risk Profiles in the Settings > Analysis > Risk Profile page.
Create a Risk Profile
To create or add a new risk profile:
- Log in to the ER Cloud Web Console.
- Go to Settings > Analysis > Risk Profile.
- Click the New Profile button in the left panel.
- Assign a unique Risk Label to classify the risk profile.
- Set the Risk Level or risk score (e.g. High, Medium, Low) for the risk profile.
- Configure the rules for the profile. Refer to the Risk Scoring and Labeling Criteria section.
- Click Save to add the new risk profile.
Modify a Risk Profile
To modify or update an existing risk profile:
- Log in to the ER Cloud Web Console.
- Go to Settings > Analysis > Risk Profile.
- Click to select a risk profile in the left panel.
- Click the edit icon in the right panel.
- Modify the risk label, risk level and/or risk rules for the profile as required. Refer to the Risk Scoring and Labeling Criteria section.
- Click Save to update the risk profile.
Delete a Risk Profile
To delete or remove a risk profile:
- Log in to the ER Cloud Web Console.
- Go to Settings > Analysis > Risk Profile.
- Click to select a risk profile in the left panel.
- Click the trash icon in the right panel.
- Click Delete in the "Delete Risk Profile" dialog box to confirm the deletion.
Prioritize Risk Profiles
In the Investigate results grid, the risk status displayed for a match location is the risk of the highest priority risk profile that maps to the location.
Risk profile priority can be ordered by the user to define the risk profile that takes precedence for reporting. This is managed by sorting the risk profiles in the Risk Profile page.
To set the priority of risk profiles:
- Log in to the ER Cloud Web Console.
- Go to Settings > Analysis > Risk Profile.
- Click the Edit Priority button in the left panel.
- Click and hold a risk profile, and drag it to a new position in the list. The topmost risk profile will have the highest priority, and the bottommost risk profile will have the lowest priority when a match location maps to the criteria of multiple risk profiles, regardless of the risk level.
- Click Save to save, or Cancel to discard the changes.
- The Priority column will reflect the latest priority of the risk profiles.