Rule Synopsis
For context, Risk Scores are numerical scores ranging from 0 to 10 that help organizations prioritize remediation efforts based on the severity of a vulnerable application.
In Defender for Cloud Apps a Risk Score of 0 is bad and a score of 10 is good.
CI Sync allows customers to set a maximum Risk Score to control the severity of vulnerable Cloud Applications synchronized into ServiceNow. That is, you can define which Cloud Applications are not worth synchronizing into ServiceNow based on the Risk Score filter value.
Rule Details
- By default, CI Sync uses a Risk Score of 10 (which means all Defender for Cloud Apps applications will be synchronized into ServiceNow because all Defender for Cloud Apps applications have a Risk Score of less than or equal to 10).
For non-production testing, customers may want to use a Risk Score filter of 10, so all Cloud Apps applications are synchronized to ServiceNow as Business Applications. Doing this allows customers to become familiar with this data in their non-production ServiceNow.
For production usage, customers should assess their non-production test results and their business requirements to determine the appropriate Risk Score filter. Syncfish typically recommends that customers set a low Risk Score filter value to start with (e.g. 4) and progressively increase this value over time (increasing the scope has the effect of allowing more Cloud App applications to be sync’d into the CMDB).
Override Options
Context
Customers may wish to decrease the Maximum Risk Score filter value to synchronize fewer Cloud App applications (i.e. to only sync those applications with a higher severity).
Options
Customers can set the Maximum Risk Score filter to any number between 0 and 10.
Overriding via Connection Settings
Customers can perform the override using a “Connection Setting” via the CI Sync User Interface (i.e. customers can perform the overrides themselves). Additional information for this is available via the following documentation:
- For a general overview of CI Sync Connection Settings, please read Understanding the use of CI Sync Connection Settings.
- For the specific CI Sync Connection Setting/s related to the rule described on this page, please read Maximum Risk Score for Defender for Cloud Apps.
For documentation on all CI Sync Connection Settings please visit the page tree Connection Setting Guides.
Additional Information
N/A
Related Rules
N/A
Support Model for Rule Overrides
Question: Can overrides be performed by customers without a Syncfish Extended Implementation and Support Plan?
Answer: Yes (via self-service in the CI Sync UI)
Question: Which Syncfish Extended Implementation and Support Plan is required to obtain overrides of this rule?
Answer: Either a Bronze Plan, Silver Plan or Gold Plan (for customers wanting Syncfish assistance to perform overrides of this rule)