Skip to main content
All CollectionsAssets and Vulnerabilities
Filtering by specific business Groups may show more results than 'All Business Groups': Understanding the Risk Level filter
Filtering by specific business Groups may show more results than 'All Business Groups': Understanding the Risk Level filter
Updated over a month ago

How the Risk Level filter works

The Risk Level filter determines the results based on the highest risk level of a vulnerability across its associated instances (findings). These instances are tied to specific assets, and the risk level of each instance is determined by the asset it is associated with. Here's how this process works, and why the results may differ between filtering by All Business Groups (BGs) and Specific Business Groups.


How the max risk level of a unique vulnerability is determined

There are two key metrics for each unique vulnerability: Max Risk and Risk Level. While they are closely related, they represent different aspects of how a vulnerability's risk is assessed.

Max Risk

  • The Max Risk is a numeric value between 0-100, representing the highest risk score calculated for the subjected unique vulnerability across all its instances (findings).

  • This score is calculated after evaluating the vulnerability’s impact on each asset, and it reflects the most critical state of the vulnerability within the environment.

How is a Risk Score calculated per a vulnerability instance (finding)?

The risk score is determined by analyzing three main factors:

  1. Technical severity: Derived from CVSS or equivalent scores provided by scanning tools.

  2. Threats: Includes exploit availability and threat intelligence data.

  3. Tags: Reflects the impact of asset tags, which might indicate business criticality or sensitivity.

The risk score is then grouped into buckets, similar to CVSS v3.0:

  • Critical: 90-100

  • High: 70-89

  • Medium: 40-69

  • Low: 1-39

  • None: 0

Each risk level is color-coded to make identification easier in the platform.

Risk Level

  • The Risk Level is simply the descriptive label (e.g., "High" or "Critical") that corresponds to the Max Risk score.

  • It provides a word-based summary of the risk score for easy understanding and communication.

Example

A vulnerability is associated with three assets:

  • Asset A: Risk score 70

  • Asset B: Risk score 70

  • Asset C: Risk score 90

The Max Risk of the vulnerability is 90, as it reflects the highest risk score across all associated assets. The Risk Level is therefore Critical, based on the risk score falling within the "Critical" range (90-100).


Behavior when filtering vulnerabilities by "All Business Groups" (All Assets)

  • When filtering by "All BGs", the system evaluates each unique vulnerability's overall highest risk level across all environmental assets.

  • The system includes a vulnerability in the results only if its highest risk level matches the requested filter.

    For example, If a vulnerability has instances with Low, Medium, High, and Critical risk levels:

    • Its overall risk level is Critical.

    • Filtering for High risk excludes this vulnerability because its highest risk level is above High (Critical).


Behavior when filtering by specific Business Groups (limited assets)

  • When filtering by specific BGs, the system evaluates the vulnerability’s risk level only within the selected BGs.

  • The overall risk level of the vulnerability in this context is determined by the highest risk level among its instances within the selected BGs.

  • If the highest risk level within the selected BGs matches the requested filter, the vulnerability is included in the results.

For example:

  • A vulnerability has instances with:

    • Critical risk in BG "F".

    • High risk in BG "A".

  • Filtering for High risk across All BGs excludes this vulnerability because its overall risk level is Critical.

  • Filtering for High risk in BG "A" includes this vulnerability because the highest risk level within BG "A" is High, and BG "F" is excluded.


Why results may be higher when selecting fewer Business Groups

  1. All Business Groups:

    • The system considers all instances across all assets.

    • The vulnerability’s risk level is determined by the highest risk level across the entire environment.

    • This gives a consolidated view of vulnerabilities at their most critical state.

  2. Specific Business Groups:

    • The system considers only instances within the selected BGs.

    • The vulnerability’s risk level is determined by the highest risk level among the assets in the selected BGs.

    • By narrowing the scope, the risk level can drop (e.g., from Critical to High) if the most critical instances are outside the selected BGs.

For example:

  • A vulnerability with instances at Critical risk in BG "F" and High risk in BG "A" is excluded from "All BGs" filtering for High risk but is included when filtering for High risk in BG "A."


Key Insight:

  • A vulnerability’s risk level is always determined by its highest risk level across the evaluated scope (all assets or specific BGs).

  • When filtering by All BGs, the system reflects the most critical state of vulnerabilities across the environment.

  • When filtering by specific BGs, the system reflects the most critical state of vulnerabilities only within those BGs, which can result in different risk levels and, potentially, more results due to the narrower scope.

Did this answer your question?