Configure Risk Scores
Preview Feature
This article describes functionality that is currently in preview.
The Lacework (LW) Risk Score is applied to vulnerable cloud assets and packages in your environment. This helps you prioritize assets that are deemed to be high-risk and vulnerable to exploits.
This article explains how to enable or disable the factors that are included in calculating the risk score.
Go to Settings > Configuration: Risk scores to view this page.
Enable or Disable Risk Score Factors
Use the toggles to enable or disable the risk score factors listed in the following sections:
- CVE severity
- Internet exposure of hosts/containers
- Active exploits in the wild
- Known exploit available
- Package status
CVE Severity
Whether to include the CVSS v2 or CVSS v3 severity of a vulnerability in the risk score calculation.
The weighting for each severity is shown below:
| 3rd Party CVSS Score Interval | Base Risk Multiplier |
|---|---|
| (9.0 - 10.0] | 0.9 |
| (7.0 - 9.0] | 0.8 |
| (4.0 - 7.0] | 0.1 |
| (0.1 - 4.0] | 0.05 |
| [0.0 - 0.1] | 0 |
Internet exposure of hosts/containers
note
Only applicable to AWS infrastructure and customers with entitlement to Attack Path Analysis enablement.
Whether to include the internet exposure probability of a host or container in the risk score calculation.
The weighting for internet exposure is shown below:
| Probability of Internet Exposure | Base Risk Multiplier |
|---|---|
| [0 - 1.0] | [0 - 1.0] |
Active exploits in the wild
Whether to include the active exploit factor for a vulnerability in the risk score calculation. There are separate weightings for known exploit attempts and no known exploit attempts.
The weighting for active exploits in the wild is shown below:
| Active Exploits in the Wild | Base Risk Multiplier | Further Explanation |
|---|---|---|
| Known | 1.0 | Exploit probability is unmodified when there are known exploit attempts. |
| No value (Unknown) | 0.9 | Exploit probability is reduced when there are no known exploit attempts. |
Known exploit availability
Whether to include the known exploit factor for a vulnerability in the risk score calculation. There are separate weightings for different classifications of exploits.
The weighting for known exploit available is shown below:
| Known Exploit Availability | Base Risk Multiplier | Description |
|---|---|---|
| Public | 1.0 | Exploit available publicly |
| Malware | 0.85 | Exploit used by malware |
| Commercial | 0.8 | Exploit available as part of a commercially purchasable framework |
| Private | 0.7 | Exploit available within a private data feed or vulnerability database |
Package status
note
Only applicable to hosts with a Linux agent installed (v6.4+) and codeaware enabled.
Whether to include package status in the risk score calculation.
The weighting for package activity is shown below:
| Package Activity | Base Risk Multiplier |
|---|---|
| Active | 1.0 |
| Inactive | 0.05 |
| Unknown | 0.67 |
| N/A | 0.67 |
See Package Status for a definition of each status type.