Axonius - Calculate Risk Score

Axonius - Calculate Risk Score calculates the Risk Score of an asset and writes the calculated value into the relevant Axonius Risk Score field for:

  • Assets returned by the selected query or assets selected on the relevant asset page.

A key capability of the Axonius - Calculate Risk Score action is to calculate Risk Score across assets and Security Findings: to calculate the Risk Score of a specific vulnerability in the context of a specific asset. For example, you can compare the risk level of specific CVEs on a laptop with the risk level of the same CVEs on a desktop or a mobile device..

Calculation Logic

When you run this Enforcement Action:

  • For each asset that matches the query, the Enforcement action takes the values from the configurated fields, multiplies them by their respective weight values, and completes the process by adding up all the values to get a score.
  • Similar to conditional statement behavior, when one of the fields is missing or has no value, the calculation fails entirely and that asset gets the Axonius-assigned, default value of 0.

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

📘

Note


Required Fields

These fields must be configured to run the Enforcement Set.

  • Enforcement Set name - The name of this Enforcement Action. The system sets a default name. You can change the name.
  • Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
  • Score Type - Select between:
    • Per Asset - This Risk Score is calculated for the selected assets only, and is based on values from at least two parameters. The results are written into the Axonius Risk Score field on the relevant Assets Page. For example - Risk Score for the device with the host name hostname_example.

    • Per Security Finding (per Asset) - This Risk Score is calculated for a specific Security Finding in the context of a specific asset. For example - Risk Score for CVE number CVE-1234-XXX that is detected on the the device with the host name hostname_example.

      📘

      Note

      For a more elaborate explanation on a per Security Finding Risk Score, refer to Risk Score Basic Setup and expand Guidelines for calculating per Security Finding Risk Score.

  • Score Calculation - in this section, do the following:
    1. Click the + button for each additional field value that you want to include in the risk score calculation. You can use either an Asset Field or a Query Conditions - see Selecting Parameters for more information.

      You can include an unlimited amount of fields, provided that the sum of their weights (Total %) is exactly 100. More selected fields means that the risk score takes more factors into consideration.

    2. Select the Axonius field whose value is used in the risk score calculation.

    3. For each risk score component, in the Adapter dropdown, select the adapter from which to fetch the field value.

    4. Type or use the Up/Down arrows to input the Weight % of the selected Axonius field.

📘

Note

The Total % appearing under the Weight % column must be 100. If it's above or below 100, the system warns you accordingly.

The next steps are as follows:

  1. Define numeric values for non-numeric fields (e.g., Asset Name)
  2. Define fallback values for fields that don't meet any of the conditions
  3. Normalize all values to ensure consistent Risk Score ranges

For detailed explanations and step-by-step examples to each of these steps, see Normalizing Field Values.

Viewing Risk Score Results

Per Asset

  1. When the Enforcement Set finishes running, view its run history and click the most recent Enforcement Set run (row) to open its Run drawer.
CompletedActionRiskScore.png
  1. Click the green Successful link. The relevant Assets page opens, listing the assets matching the query for which the Enforcement Action succeeded to calculate the Risk Score. For each asset, the EC: Result Details field shows

When there are assets for which the Enforcement Action failed to calculate the Risk Score, you can click the red Failed link to view the assets, and see the complete error message for each one by hovering over the EC: Result Details field.

  1. Add the calculated Risk Score column to the table on the Assets page: select Edit Table > Edit Columns, and from the fields that appear, add the Axonius Risk Score field (refer to Changing Columns Display to learn more).
AddRiskScoreField.png

The table on the Assets page now displays the Axonius Risk Score column.

RiskScoreResults.png

Per Security Finding (per Asset)

  1. Repeat steps 1-2 as explained above.
  2. Select an asset from the relevant Assets page.
  3. On the Asset's Profile page, from the left navigation panel, expand the Tables section and select Security Finding.
  4. The Security Finding table opens, displaying the Axonius Risk Score field for each vulnerability detected on the asset.

Editing Enforcement Actions in a Risk Score

After creating Risk Score Enforcement Sets, you can edit them and add more actions and advanced configurations as in any Enforcement Set.See detailed explanation here.


For more details about other enforcement actions available, see Action Library.