The OneView Security Advisor is available for Global and Site Administrators and displays a security score for each site in the console. The security posture and score of each site are assessed based on policy settings, detection scans, and endpoint status.
A low score may indicate that recommended settings are not enabled or the site has weak security settings. Admins should use Security Advisor to gain valuable insights into a site's security posture and enable the recommended settings.
Site score
The security score for a site is evaluated every 24 hours based on the OneView account configuration. Security score factors for all sites include policy configuration, detection scans, and endpoint status.
Add-ons, such as DNS Filtering and Vulnerability & Patch Management, may affect the score if their settings are not correctly configured. Sites without Add-ons are not impacted, as the Add-ons are not part of their subscription.
If a site score is unavailable, this may be due to one of the following:
- The daily score has yet to be generated for the site.
- The site has an Incident Response subscription.
- The site has no endpoint agents installed.
Score factors
Factors | Recommendation |
Policies: Policies determine the security settings and are assigned to specific sites and groups of endpoints. | Enable the following settings in the site policies: |
Detection scans: Scheduled detection scans help to identify and address potential threats that may exist on the site's endpoints. | Run daily Detection scans with the following options for all groups of endpoints: |
Endpoint status: An endpoint status on an endpoint indicates that action is required on that endpoint. | Clear the following endpoint statuses: |
DNS Filtering: This add-on blocks access to known suspicious web domains to enhance productivity and collaboration while ensuring security. | Enable all 11 security categories in the site’s DNS rules by applying these DNS rules to all site endpoints with the DNS Filtering module. |
Vulnerability & Patch Management: This add-on monitors and assesses the risk of threats on endpoints by identifying vulnerabilities in software and patching endpoints to mitigate those risks. | Perform the following actions with Vulnerability & Patch Management: |
Endpoint Detection and Response (EDR): EDR offers advanced threat hunting, reliable isolation, remediation, and response capabilities against cybersecurity attacks. | Remediate any detected suspicious activity and enable the following EDR settings in the site policies: |
For more information on how each score is calculated, click Understand site score on the Sites page.