Risk Posture

A company's overall capacity to identify and respond to risks is referred to as its risk posture. It entails inspecting every aspect of a company's network and identifying potential vulnerabilities. All users, network elements, and any information that may be stored but is at risk of being hacked are included. It also involves examining current security practices and software to assess how well they can fend off attacks.

Edit Compliance

• Go to Manage Compliance.
• Select the required risk posture source.
• Click Edit to edit parameters of the rules with the possible values to get your personalized scores. (By default, the recommended values from the Microsoft/CIS standards will be present).
• There is an option to edit risk posture source configurations from the risk posture widget as well.

Run Analysis Schedules:

• You can get the fresh analysis results by clicking the Run Now link at the top left corner of the Risk Posture.
• The frequency can be set by clicking the Schedule button next to the Run Now Link.
• By default, the schedule will run once per day. It also allows you to change the frequency of analysis.
• Click the Schedule button to see the time when the next analysis is scheduled to run.
• You can also see the time when the last analysis has been completed.
• There is also an option to run analysis from the compliance widget.

Rule Status and its definitions

Low/No Risk

This status informs that the selected source's configurations have met the Recommended / User set compliance value as per their norms.

High Risk

This status informs that the selected source's configurations have not met the Recommended / User set compliance value as per their norms.

Unable to Verify

This status informs that the EventLog Analyzer server was unable to fetch the required data needed for analyzing the specific rule. It can be due to the following reasons.

Troubleshooting steps

SQL Server

Possible reasons for the status "Unable to verify" are as follows:

1. SQL Server down
2. Insufficient server details/user credentials

SQL Server down

The analysis requires SQL Server to be up and running. If the SQL server is down, the analysis cannot be completed.

Troubleshooting Steps:

• Make sure the selected SQL server(s) is up and running.

Insufficient server details/user credentials:

The selected SQL server(s) configuration details and credentials should be up to date and valid. Outdated or wrong details will cause analysis to fail. The configured user should have sysadmin role in the selected SQL server for all the rules to succeed.

Troubleshooting Steps:

• Update credentials and server details in Settings → Log Source Configuration → Database Audit.
• Update Advanced Auditing credentials in Settings → Log Source Configuration → Database Audit → Advanced Auditing.
• Refer here for more details.

Possible Reasons for "No SQL Server(s) Configured" in edit compliance are as follows:

1. No SQL server(s) is configured.
2. Advanced Auditing not enabled for the SQL server.

No SQL server(s) is configured

To configure MSSQL DB, please refer here.

Advanced Auditing not enabled for the SQL server

To enable Advanced Auditing, please refer here.