Threat Risk Index Score Factors

The Threat Risk Index (TRI) is a new Alert Logic vulnerability rating system designed to help you determine which of your deployments, VPCs, or networks are most exposed and susceptible to a security attack or breach.

There are five main ways the TRI score is used in the Alert Logic console:

  • Per Host – A TRI score is calculated for each host, which is then used to calculate the TRI score for each VPC/network and each deployment.
  • Per VPC/Network – The TRI score for the VPC/network is calculated based on the TRI score for each host within the VPC/network.
  • Per Deployment – The TRI score for the deployment is calculated based on the TRI score for each host within the deployment. The deployment TRI scores are then used to create the overall score for the customer account.
  • Overall Score (per customer account) – This score is calculated based on the TRI scores for each deployment within the customer account.

Host TRI score components

A TRI score is calculated for every host. The following components are used to calculate the TRI score for a host:

  • Alert Logic weighted CVSS v2 vulnerability score
  • The number of external-facing vulnerabilities found in external scans
  • The number of vulnerabilities with known exploit code available
  • Time elapsed since the last scan on the host

Alert Logic weights  the CVSS vulnerability scores to elevate the high and critical vulnerabilities.

VPC/network and deployment TRI score

This score is calculated by determining the tri-mean of the host TRI scores within the VPC/network or deployment.

Overall TRI score

This score is calculated by weighting the average of the TRI scores for all of the deployments in the customer account.

TRI severity levels

TRI scores are assigned severity levels when referred to in the Alert Logic console. Severity levels are assigned as follows:

  • Critical: TRI >= 9.0
  • High: TRI >= 7.0 and < 9.0
  • Medium: TRI >= 4.0 and < 7.0
  • Low: TRI >= 1.0 and TRI < 4.0
  • Minimal: TRI < 1.0

TRI scores in the Alert Logic console

The TRI scores are incorporated in several pages of the Alert Logic console:

Threat Risk Index overview graph

The TRI graph displays the current TRI score. To access the TRI graph, Alert Logic console, click the Overview tab, and then click Security Posture.

The Overall Score is the weighted average of all TRI scores of a selected deployments. The trend arrow is based on whether the TRI score for the asset is better, worse, or the same over the selected trending average period.

To learn more about the TRI graph, see Security Posture Dashboard.

Monthly Security Posture report

The Monthly Security Posture report provides the current and historic monthly security risk and health posture of your environment, including configuration and security remediations, risk posture overviews, vulnerability assessments, and threat analysis.

To access the Monthly Security Posture report:

  1. In the Alert Logic console, click Reports, and then click Risk.
  2. Click Security Posture, and then click Monthly Security Posture.

To learn more about this report, see Monthly Security Posture.

TRI Summary report

The TRI Summary report provides a summary of the recent TRI scores of your environment, including the overall TRI score and trends, score details, risk index asset distribution charts, and top ten lists.

To access the TRI Summary report:

  1. In the Alert Logic console, click Reports, and then click Risk.
  2. Click Threat Risk Index, and then click TRI Summary.

To learn more about this report, see TRI Summary.

TRI Trends report

The Threat Risk Index Trends report provides insights into TRI scores and trends in reducing risks, including average TRI scores, total vulnerability and host counts, internet-facing vulnerabilities, exploit availability, and last scanned age.

To access the TRI Summary report:

  1. In the Alert Logic console, click Reports, and then click Risk.
  2. Click Threat Risk Index, and then click TRI Trends.

To learn more about this report, see TRI Trends.