Risk states
You can assign a State to risks that are detected in your network.
-
Inbox — You are not currently taking any actions for this risk.
-
False Positive — You believe that the scanner produced the risk in error. The risk is not included in the risk score calculation.
-
Acknowledged — You plan to resolve the risk with a direct resolution or with other mitigation steps.
-
In Progress — You are addressing the risk through mitigation actions.
-
Mitigated (vulnerability is minimized) — You mitigated a risk in a way that the Risk Scanner does not account for. For example, if you had Windows 2012 with old accounting software, but the operating system can't be patched or changed because of the accounting department's needs, you could isolate the server from other networks. This does not remove the security vulnerability, but it minimizes the risk as much as possible. The next scan validates if the vulnerability still exists. If the vulnerability:
-
Still exists or could not be checked — The risk State does not change.
-
Was not detected — The risk State does not change, but the risk Status changes to Resolved.
-
-
Accepted (vulnerability remains) — You choose to accept the risk. The risk remains in the risk table until it is not detected on the network, but the risk is not included in the risk score calculation. For example, if you had Windows Server 2012 with old accounting software, but the company is unable to isolate the server from other networks. You are aware of the risk, but accept it because practical physical or financial solutions do not currently exist.Tip:
To improve your security posture, Arctic Wolf recommends that you mitigate risks instead of accepting them. Accepting a risk does not resolve the risk, so bad actors could still take advantage of the vulnerability.
-
Fixed (vulnerability removed) — You successfully resolved the risk. For example, if you had Windows Server 2012 with old accounting software, you could change the risk State to Fixed after upgrading to a Windows Server operating system that is not vulnerable, or applying a patch to the server that removes the vulnerability.