Risk Analysis is a different way to present the information collected from the hosts. With this view you can identify which hosts, assets and networks are more critical than others, based on the events that occurred on each host.
- SGBox Version 4.2.1.
You can define a specific score (from 0 to 10) for each event you recognize in SGBox from LM > Configuration > Events families.
Here you can find Families and Subfamilies:
- Families: a group that contains different subfamilies.
- Subfamilies: a group that contains events of the same kind.
You can use the preconfigured Families and Subfamilies, or create your own and assign a specific score. For example, Logon successful, Logoff and Logon failed belong to the Authentication family. Logon successful and Logoff have a score of 1. Logon failed has a score of 3. This means that a Logon failed is more critical than a Logon successful.
- Host A receives 1 Logon OK; host B receives 3 Logon fails.
- Host A belongs to asset A and network A. Host B belongs to asset B and network B.
Based on the events that occurred, host B is more critical than host A, asset B is more critical than asset A, and network B is more critical than network A.
The score assigned to the Subfamily is not the final score; it is just a level of criticality. SGBox performs further mathematical operations to determine the Critical level.
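The roll-up from events to hosts, assets and networks can be sketched as follows. This is an added example, not SGBox code: it uses a plain sum of Subfamily scores as a stand-in for SGBox's own calculation, and the host, asset and network names, the event list and the handling of unscored events are constructed for illustration.

```python
from collections import defaultdict

# Subfamily scores from the article's Authentication example.
SUBFAMILY_SCORE = {"Logon successful": 1, "Logoff": 1, "Logon failed": 3}

# Constructed inventory: host -> (asset, network).
INVENTORY = {
    "host-a": ("asset-a", "network-a"),
    "host-b": ("asset-b", "network-b"),
}

# Constructed events as (host, subfamily) pairs.
EVENTS = [
    ("host-a", "Logon successful"),
    ("host-b", "Logon failed"),
    ("host-b", "Logon failed"),
    ("host-b", "Logon failed"),
    ("host-b", "Unclassified"),   # subfamily with no score assigned
    ("host-x", "Logon failed"),   # host missing from the inventory
]

def roll_up(events, scores=SUBFAMILY_SCORE, inventory=INVENTORY):
    """Sum Subfamily scores per host, asset and network.

    Plain summation is an assumption for illustration; SGBox applies
    further operations before producing its Critical level.
    """
    totals = {lvl: defaultdict(int) for lvl in ("host", "asset", "network")}
    unscored = []
    for host, subfamily in events:
        score = scores.get(subfamily)
        if score is None:
            # Keep unscored events visible instead of silently dropping them.
            unscored.append((host, subfamily))
            continue
        asset, network = inventory.get(host, ("unassigned", "unassigned"))
        totals["host"][host] += score
        totals["asset"][asset] += score
        totals["network"][network] += score
    return {lvl: dict(t) for lvl, t in totals.items()}, unscored

def rank(level_totals):
    """Order entities from most to least critical (ties broken by name)."""
    return sorted(level_totals.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    totals, unscored = roll_up(EVENTS)
    for level in ("host", "asset", "network"):
        print(level, rank(totals[level]))
    print("events without a score:", unscored)
```

Events without a Subfamily score and hosts missing from the inventory are the two gaps worth reviewing, since both distort the ranking at asset and network level.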
You can also visualize the information obtained in a Risk Analysis dashboard.
Go to SCM > Dashboard > Dashboard, select Dashboard > Create New Dashboard > New Widget, then choose Risk Analysis from the menu provided.