Unified Portal and Risk Dashboard feature differences

This table summarizes the differences that exist between existing Risk Dashboard and Unified Portal features, and describes how your experience will be different in the Unified Portal.
Feature Risk Dashboard Unified Portal How will my experience be different in the Unified Portal?
Risk granularity and metrics (risk count and risk score)

  • Risks have some default groupings applied, but the groupings are mainly for risks associated with Agent scans.

  • Risks with a low severity risk score (3.9 or lower) are not displayed or included in risk counts.

  • Asset information from multiple sources is consolidated, which changes the number of risks found.

  • You can decide if your Risk Exposure Score is based on the new algorithm or the legacy algorithm.

    For more information, see View your Risk Exposure Score.

  • Risks that were grouped in the Risk Dashboard are broken out by individual detection in the Unified Portal, so you will see an increase in the overall number of risks in your environment.

  • Your Risk Exposure Score will not match the Risk Dashboard Risk Score because risks are grouped differently in the Unified Portal.

  • For the Risk Exposure Score, you can switch between a new algorithm and the legacy algorithm:
    • New Algorithm — The score is based on the number of risks, scan results based on the Cybersecurity & Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog, and the manually set Asset Criticality of assets.
      Note: We recommend that you use the New Algorithm for the Risk Exposure Score calculation because of the context it provides for risk exploitability and asset criticality. For more information, see Risk Exposure Score calculation.
    • Legacy Algorithm — Risks are displayed based on findings related to a specific Common Vulnerabilities and Exposures (CVE). Some findings are grouped together based on Arctic Wolf detection logic. All Unresolved risks, including those with a severity risk score of 3.9 and lower, are displayed and included in risk counts. For more information, see Legacy Risk Exposure Score calculation.
  • If you have a large number of risks, the Unified Portal provides alternative views to support risk review and remediation workflows:
    • On the Group by Vulnerability tab, you can view all assets with the same vulnerability.
    • On the Group by Remediation tab, you can view all risks that are resolved by the same remediation.
Risk lifecycle

  • Depending on the risk Source, the risk State is manually or automatically assigned. For example, some risks require manual changes to the State when the risk is remediated.

    For more information, see Risk State and Status lifecycles and Risk states.

  • Status is automatically assigned.

    For more information, see Risk statuses.

  • The risk State is manually assigned.

    For more information, see Risk states.

  • Status is automatically modified based on the scan results.

    For more information, see Risk statuses.

  • You are not required to manually change the risk State, but the option exists if you want to.

  • When a risk is Resolved, the Resolution Reason automatically updates with the action that resolved the risk.
Bulk edits for assets

  • Available using a CSV import.

  • Limit of 1000 rows.

  • Available, but limited to assets that can be filtered.

  • Limit of 1000 rows, but you need to select 100 rows at a time.

 Bulk updates to Tags, Asset Criticality, and Category are not supported for assets that do not have common filters because, at this time, you cannot import asset data.
Asset tagging

Optional. Applied manually to assets.

For more information, see Edit asset tags and Edit assets.

Optional. Applied to assets.

For more information, see Apply a tag to an asset.

Tags do not synchronize between the Unified Portal and Risk Dashboard.

For example, if you apply a tag to an asset in the Unified Portal, and that tag does not currently exist in the Risk Dashboard, the tag is not applied to that same asset in the Risk Dashboard.

We are developing tools so that you can request a one-time data migration from the Risk Dashboard to the Unified Portal.
Asset rescan

Unable to rescan assets with an EVA source.

For more information, see Rescan assets.

Unable to rescan assets with an EVA source or assets with a State of Inactive.

For more information, see Rescan an asset.
Asset deletion
You cannot remove:

  • Assets associated with risks that were identified within the last 24 hours.

  • Agent assets identified in the last 48 hours.

When you remove an Agent asset:

  • The Agent associated with that asset is no longer visible in the Risk Dashboard or in the Unified Portal.

  • All risks associated with the Agent are deleted.

  • If the Agent reconnects, the Agent will reappear in the Risk Dashboard and in the Unified Portal.

For more information, see Remove an asset.

  • Deleting an asset changes the Asset State to Inactive, and then removes the asset after 120 days.

  • The Status of any risks associated with the asset change to Resolved, the Resolution Reason changes to Asset Deleted, and then those risks are removed after 120 days.

  • The asset can appear again if an Agent or IVA scanner receives a new signal from it. If this occurs, any risks associated with the asset appear again as Unresolved.

    For more information, see Delete assets.

  • You can now remove assets that are associated with risks that were identified within the last 24 hours, and remove Agent assets identified in the last 48 hours.

  • The Agent asset remains in schedules until you edit the schedule.
Asset details

For more information, see View an Asset Profile.

For more information, see View risk details.

You now have these additional details:

  • Parent domain

  • Domains

  • Protocol

  • Service

  • Name

  • Vendor

  • Version

  • Port

  • Adapter

But, you do not have these details:

  • City

  • Longitude

  • Latitude

  • Country

  • Latest Username

  • System Model

  • System Boot Time

  • Client ID

  • Profile Created

  • Profile Last Updated

  • Type

  • Event

  • Raw Log
EVA reports Not applicable Ability to download historical EVA reports generated with Unified Portal data.

For more information, see View report history.

There are some differences between the EVA report that was generated from

Risk Dashboard data and the new EVA report that is based on Unified Portal data, these are the differences:

  • On the Public Network Services page:
    • The Product column displays the product name in the common platform enumeration (CPE) format instead of in a friendly name format.
    • The Port column no longer includes ports that are closed or filtered.
  • On the Externally Visible System Vulnerabilities page, some risk scores will change because risks are grouped differently in the Unified Portal.
  • On the Account Takeover Risks page, the Breach Date was replaced with the Published Date.
Risk metric reports For more information, see Download a remediation report.

Risk metric data is consolidated in the Executive Report.

For more information, see Create an Executive Summary report.

You have the option of creating an Executive Summary report using the legacy risk algorithm or the new algorithm. This is determined by Risk Exposure Score setting.