[Request] Update docs for automatic risk scoring after asset criticality assignment #5180

Closed
jaredburgettelastic opened this issue May 7, 2024 · 2 comments
Labels: Docset: ESS, Docset: Serverless, Effort: Small, Feature: Entity Analytics, Priority: High, Team: Entity Analytics, v8.15.0

Comments

@jaredburgettelastic

Description

What?

We are introducing the ability to immediately recalculate an individual entity's risk score upon changing its asset criticality assignment. Currently, the docs state that the user must wait until the next risk scoring background process for the new criticality to be taken into account, and this should now change.

Why?

It is confusing for users to update their criticality assignment and not see it immediately reflected in risk scoring. This bug originally showed this behavior as undesirable.

Background & resources

Which documentation set does this change impact?

ESS and serverless

ESS release

8.15

Serverless release

The week of May 20th

Feature differences

N/A

API docs impact

N/A

Prerequisites, privileges, feature flags

Asset Criticality advanced setting must be enabled, and Risk Scoring Engine must be enabled (note that both of these are already called out appropriately in the current docs, no changes needed from this perspective).

@natasha-moore-elastic natasha-moore-elastic self-assigned this May 7, 2024
@natasha-moore-elastic natasha-moore-elastic added Feature: Entity Analytics Features or enhancements for any of the Entity pages Docset: Serverless Issues for Serverless Security Docset: ESS Issues that apply to docs in the Stack release Team: Entity Analytics v8.15.0 Priority: High Issues that are time-sensitive and/or are of high customer importance Effort: Small Issues that can be resolved quickly labels May 10, 2024
@natasha-moore-elastic
Contributor

natasha-moore-elastic commented May 10, 2024

@jaredburgettelastic just to clarify, does this only apply to changing asset criticality from one level to another (for example, low impact -> high impact), or does it also apply to assigning a criticality level for the first time (unassigned -> low impact) and unassigning asset criticality (low impact -> unassigned)? Is the risk score immediately recalculated in all of those scenarios?

@jaredburgettelastic
Author

@natasha-moore-elastic This applies to any asset criticality changes made directly through the UI on an individual entity, whether assignment, unassignment, or update.

However, this does not apply to the CSV file upload feature. Any asset criticality changes made through that mechanism currently only affect the next run of the risk engine.
