Service Risk Analysis

The Service Risk Analysis control searches for rules that allow specified services between defined zones. Service Risk Analysis defines failure based on whether rules allow or deny access, or based on the number of reachable IP addresses, and also evaluates the failure condition based on whether the query matches some rules or matches no rules.

The Service Risk Analysis controls are used in all of the preloaded assessments, including PCI. Therefore, the SCI scores will be unreliable until you configure your compliance zones and service groups.

To create a new service risk analysis control, complete the following steps.

  1. On the toolbar, click Compliance > Controls.
  2. Click Create.
  3. Select Service Risk Analysis.
  4. In the General Control Properties, complete the following fields common to all control types:
    • Name—type a name for the control.
    • Severity—select the risk level (0-9) associated with this control.
    • Tags—optional; tag words can be used as an additional search filter.

    Separate tag words with a space, not a comma.

    • Description—optional, type a description of what the control will be used for.
  5. Complete the Service Risk Analysis Control Properties section.
    • Select the Source Zone, Destination Zone and Allowed Services.
    • Enter a value to trigger a fail if the source contains more than the set number of hosts.
    • Enter a value to trigger a fail if the destination contains more than the set number of hosts.
    • Select the Use Device Zone Names check box to search for rules based on the device zone name instead of the default derived address space.
  6. In the Evaluation section of Control Properties, select the Information Only check box so that an execution of the control that does not meet the required criteria is not recorded as a failure.
  7. In the Policy Optimizer section of Control Properties, if you have purchased a Policy Optimizer license, select the Send Failed Rules to Policy Optimizer check box.
  8. In the Device Test Conditions section of Control Properties, for the control type you are creating, select the Type, Vendor, and Product.
  9. In the Reporting Properties section, enter text for Pass and Fail results, and any Instructions for remediation.
  10. Click Save.
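To make the evaluation described above concrete (rules that allow a listed service between two zones, the host-count thresholds, and the Information Only setting), here is an added example that models the control and runs it over a constructed rule set. It is illustrative code written for this page, not the product's own implementation; the `Rule` and `ServiceRiskControl` classes, the zone-overlap test and the use of a rule's full address count as its host count are all assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:  # constructed model of one firewall rule
    name: str
    src: str       # source in CIDR notation
    dst: str       # destination in CIDR notation
    service: str   # e.g. "tcp/23"
    action: str    # "allow" or "deny"

@dataclass
class ServiceRiskControl:  # hypothetical model of the control properties above
    source_zone: list           # CIDR blocks making up the source zone
    destination_zone: list      # CIDR blocks making up the destination zone
    allowed_services: set       # services the control searches for
    max_source_hosts: int = None       # fail threshold; None means not set
    max_destination_hosts: int = None
    information_only: bool = False     # record matches without failing

def _in_zone(cidr, zone):
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.overlaps(ipaddress.ip_network(z, strict=False)) for z in zone)

def _hosts(cidr):
    return ipaddress.ip_network(cidr, strict=False).num_addresses

def evaluate(control, rules):
    """Return (failed, findings); findings are (rule name, reasons) pairs."""
    findings = []
    for r in rules:
        if r.action != "allow" or r.service not in control.allowed_services:
            continue  # the query only matches rules that allow a listed service
        if not (_in_zone(r.src, control.source_zone) and _in_zone(r.dst, control.destination_zone)):
            continue  # rule does not connect the two zones
        reasons = [f"allows {r.service} from source zone to destination zone"]
        if control.max_source_hosts is not None and _hosts(r.src) > control.max_source_hosts:
            reasons.append(f"source spans {_hosts(r.src)} hosts, limit {control.max_source_hosts}")
        if control.max_destination_hosts is not None and _hosts(r.dst) > control.max_destination_hosts:
            reasons.append(f"destination spans {_hosts(r.dst)} hosts, limit {control.max_destination_hosts}")
        findings.append((r.name, reasons))
    return bool(findings) and not control.information_only, findings

# Constructed sample: an untrusted zone talking to a cardholder-data zone.
CONTROL = ServiceRiskControl(["192.0.2.0/24"], ["10.20.0.0/16"], {"tcp/23", "tcp/21"},
                             max_destination_hosts=256)
RULES = [Rule("r1", "192.0.2.0/24", "10.20.5.10/32", "tcp/23", "allow"),
         Rule("r2", "192.0.2.0/24", "10.20.0.0/17", "tcp/21", "allow"),
         Rule("r3", "192.0.2.0/24", "10.20.5.0/24", "tcp/23", "deny"),
         Rule("r4", "192.0.2.0/24", "10.30.0.0/16", "tcp/23", "allow")]
```

Running `evaluate(CONTROL, RULES)` flags r1 and r2 (r2 additionally exceeds the destination host limit), skips the deny rule r3 and the out-of-zone rule r4, and reports a failure; with `information_only=True` the same findings are returned but the control does not fail.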