Configure Risk Scores

Preview Feature

This article describes functionality that is currently in preview.

The Lacework (LW) Risk Score is applied to vulnerable cloud assets and packages in your environment. This helps you prioritize assets that are deemed to be high-risk and vulnerable to exploits.

This article explains how to enable or disable the factors that are included in calculating the risk score.

Go to Settings > Configuration: Risk scores to view this page.

Enable or Disable Risk Score Factors

Use the toggles to enable or disable the risk score factors listed in the following sections:

CVE Severity

Whether to include the CVSS v2 or CVSS v3 severity of a vulnerability in the risk score calculation.

The weighting for each severity band is shown below. Intervals are open on the left and closed on the right, so a score of exactly 7.0 takes the (4.0 - 7.0] multiplier, not the (7.0 - 9.0] one:

3rd Party CVSS Score Interval    Base Risk Multiplier
(9.0 - 10.0]                     0.9
(7.0 - 9.0]                      0.8
(4.0 - 7.0]                      0.1
(0.1 - 4.0]                      0.05
[0.0 - 0.1]                      0

Internet exposure of hosts/containers

note

Only applicable to AWS infrastructure, and only for customers entitled to Attack Path Analysis.

Whether to include the internet exposure probability of a host or container in the risk score calculation.

The weighting for internet exposure is shown below. The multiplier is the exposure probability itself, so a host with a 0.25 probability of internet exposure contributes a 0.25 multiplier:

Probability of Internet Exposure    Base Risk Multiplier
[0 - 1.0]                           [0 - 1.0]

Active exploits in the wild

Whether to include the active exploit factor for a vulnerability in the risk score calculation. There are separate weightings for known exploit attempts and no known exploit attempts.

The weighting for active exploits in the wild is shown below:

Active Exploits in the Wild    Base Risk Multiplier    Further Explanation
Known                          1.0                     Exploit probability is unmodified when there are known exploit attempts.
No value (Unknown)             0.9                     Exploit probability is reduced when there are no known exploit attempts.

Known exploit availability

Whether to include the known exploit factor for a vulnerability in the risk score calculation. There are separate weightings for different classifications of exploits.

The weighting for known exploit available is shown below:

Known Exploit Availability    Base Risk Multiplier    Description
Public                        1.0                     Exploit available publicly
Malware                       0.85                    Exploit used by malware
Commercial                    0.8                     Exploit available as part of a commercially purchasable framework
Private                       0.7                     Exploit available within a private data feed or vulnerability database

Package status

note

Only applicable to hosts running the Linux agent (v6.4 or later) with codeaware enabled.

Whether to include package status in the risk score calculation.

The weighting for package activity is shown below:

Package Activity    Base Risk Multiplier
Active              1.0
Inactive            0.05
Unknown             0.67
N/A                 0.67

See Package Status for a definition of each status type.
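The following is an added worked example, not Lacework's own code or its published formula. It encodes the weightings from the tables in this article, applies the same enable/disable toggles, and ranks a handful of constructed findings so you can see how the factors interact (for instance, why a CVSS 7.0 finding on a fully exposed host ranks below a CVSS 7.1 finding with no exposure data). Two things are assumptions rather than documented behaviour: that the enabled factors are combined by multiplication, and that a disabled factor, or one for which no data is available, contributes a neutral 1.0. The finding identifiers and values are placeholders.

```python
"""Worked example added to this page (not Lacework's code or published formula).

Encodes the factor weightings from the tables above and ranks constructed
findings. Assumptions (not documented by the page): enabled factors are
multiplied together, and a disabled or unavailable factor is neutral (1.0).
"""
import math
from dataclasses import dataclass
from typing import Optional

# CVSS severity bands from the page: open on the left, closed on the right,
# so a score of exactly 7.0 falls in (4.0 - 7.0] (0.1), not (7.0 - 9.0] (0.8).
CVSS_BANDS = [(9.0, 10.0, 0.9), (7.0, 9.0, 0.8), (4.0, 7.0, 0.1), (0.1, 4.0, 0.05)]

ACTIVE_EXPLOIT = {"known": 1.0, None: 0.9}  # "No value (Unknown)" is its own row
EXPLOIT_AVAILABILITY = {"public": 1.0, "malware": 0.85, "commercial": 0.8, "private": 0.7}
PACKAGE_STATUS = {"active": 1.0, "inactive": 0.05, "unknown": 0.67, "n/a": 0.67}

# The toggles on Settings > Configuration: Risk scores, all enabled.
DEFAULT_FACTORS = {"cvss": True, "internet_exposure": True, "active_exploits": True,
                   "exploit_availability": True, "package_status": True}


def cvss_multiplier(score: float) -> float:
    """Map a CVSS base score to its band multiplier."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    for low, high, mult in CVSS_BANDS:
        if low < score <= high:
            return mult
    return 0.0  # [0.0 - 0.1]


@dataclass
class Finding:
    cve: str
    cvss: float
    internet_exposure: Optional[float]   # None when not on AWS / no Attack Path Analysis
    active_exploit: Optional[str]        # "known" or None
    exploit_availability: Optional[str]  # a key of EXPLOIT_AVAILABILITY, or None
    package_status: Optional[str]        # a key of PACKAGE_STATUS, or None (no agent)


def factor_multipliers(f: Finding, factors=DEFAULT_FACTORS) -> dict:
    """Per-factor multipliers for a finding. A disabled factor, or one with no
    data, is omitted (assumption: neutral). The page does not define the
    exploit-availability multiplier when no exploit is known at all, so that
    case is also left neutral here."""
    m = {}
    if factors["cvss"]:
        m["cvss"] = cvss_multiplier(f.cvss)
    if factors["internet_exposure"] and f.internet_exposure is not None:
        if not 0.0 <= f.internet_exposure <= 1.0:
            raise ValueError("exposure probability must be in [0, 1.0]")
        m["internet_exposure"] = f.internet_exposure  # multiplier equals probability
    if factors["active_exploits"]:
        m["active_exploits"] = ACTIVE_EXPLOIT[f.active_exploit]
    if factors["exploit_availability"] and f.exploit_availability is not None:
        m["exploit_availability"] = EXPLOIT_AVAILABILITY[f.exploit_availability]
    if factors["package_status"] and f.package_status is not None:
        m["package_status"] = PACKAGE_STATUS[f.package_status]
    return m


def risk_score(f: Finding, factors=DEFAULT_FACTORS) -> float:
    """Assumed composition: product of the enabled multipliers (1.0 if none)."""
    return math.prod(factor_multipliers(f, factors).values())


def rank(findings, factors=DEFAULT_FACTORS):
    return sorted(findings, key=lambda f: risk_score(f, factors), reverse=True)


# Constructed sample findings; identifiers are placeholders, not real CVEs.
SAMPLE = [
    Finding("CVE-A", 9.8, 0.9, "known", "public", "active"),
    Finding("CVE-B", 9.8, 0.1, None, "private", "inactive"),
    Finding("CVE-C", 7.0, 1.0, "known", "public", "active"),  # 7.0 sits in the 0.1 band
    Finding("CVE-D", 7.1, None, None, "malware", "unknown"),  # non-AWS host, no exposure data
]

if __name__ == "__main__":
    for f in rank(SAMPLE):
        print(f"{f.cve}: {risk_score(f):.4f} {factor_multipliers(f)}")
    # Turning off the package status factor stops CVE-B's inactive package
    # from suppressing its score.
    no_pkg = {**DEFAULT_FACTORS, "package_status": False}
    print("CVE-B without package status:", round(risk_score(SAMPLE[1], no_pkg), 4))
```

Running it ranks CVE-A first and CVE-B last; the interesting rows are CVE-C, whose CVSS of exactly 7.0 lands in the 0.1 band despite full internet exposure, and CVE-B, whose score recovers from about 0.003 to about 0.057 when the package status factor is disabled. If you change a toggle in the console, re-running a model like this against your own findings is a quick way to predict which assets will move up or down before the scores refresh.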