Not all Enterprise Organizations will have a mix of systems in their environment. There are organizations which might have predominantly one set of systems, say, Microsoft Windows or Nix systems.Also organizations may want to know the risk posture of their organization only against a select set of threats, say Microsoft Patch Tuesday Threats.
Risk Advisor provides a way to select only assets/threats that are relevant for an organization to be included in the analysis. Risk Advisor calculates risk posture with only the selected assets/threats.
Assets/threats which have the ‘Analysis State’ as enabled are considered for analysis, and conversely all assets/threats which have ‘Analysis State’ as disabled are excluded from analysis. By default, all assets and threats are in the ‘Enabled’ state.
The Risk Metrics page lists only enabled assets and threats.
Now, with all the theory behind us, let us see how to accomplish this.
We will see below how to enable/disable assets.
·Go to System Tree and select the assets
·Click Actions ® Risk Advisor and select ‘Change Analysis State’
·Select the Analysis State as either enabled or disabled according to your needs.
·Repeat the above steps in Reporting ® Threats page for selecting threats.
· Now, Run the default MRA task – ‘MRA: Threat Download and Analysis’.
·If you would like to check how many assets and threats have been considered for analysis, you can refer to Server Task Log page for the MRA default task. This page will list the number of assets and threats considered for analysis.
·MRA remembers your selection for all future analysis until further changes are made.
Want to know how to automate Selective Asset/Threat Analysis using ARS/Queries? Stay Tuned for more.