Skip to main content

Customize How Risk Factors Affect Asset Scores

Mondoo considers multiple contextual risk factors when evaluating the security of your assets. To customize per your business's security priorities, you can choose which contextual risk factors affect your assets' scores.

You can also define risk using metadata: Use cloud tags or labels or Mondoo annotations to flag high-priority and low-priority assets.

For a finer degree of control over the impact that risk factors have on asset scores, you can choose not only whether a risk factor affects scores, but how much a risk factor affects scores.

The settings you choose to customize risk factors apply to all assets in the space. If you have multiple spaces, any risk customization you make in one space doesn't affect other spaces.

note

Only team members with Editor or Owner access can perform this task.

Choose which risk factors affect security scores

  1. In the Mondoo Console, navigate to the space you want to customize.

  2. In the side navigation bar, select Settings.

  3. Select the Security Model tab.

    Customize how risk factors affect asset scores in Mondoo

  4. In the list of risk factors, enable or disable the toggle beside a risk factor:

    • An enabled toggle (purple, with the switch to the right) indicate that the risk factor does affect the security scores of assets in the space.

    • A disabled toggle, (white, with the switch to the left) indicate that the risk factor does not affect the security scores of assets in the space.

  5. Select the SAVE CHANGES button. Changes take place immediately.

Flag high-priority or low-priority assets using metadata

You can configure Mondoo to adjust the priority of assets based on their metadata. There are two types of metadata that Mondoo tracks:

  • Tags and labels assigned in your cloud platform

    • Tags: AWS, Azure, VMware, and Google Cloud

    • Labels: Kubernetes and Google Cloud

  • Annotations you assign using Mondoo

You can use this metadata to influence the priority that Mondoo gives assets. Choose the tags, labels, or annotations that either indicate high-priority assets or indicate low-priority assets.

For example, suppose in Azure you use a dept tag to identify which company departments rely on your different cloud resources. The key is dept and the values are finance, sales, research, and so on. Because the resources used by your finance department process and store banking data, you want Mondoo to consider all Azure resources with the dept:finance tag to be high-priority assets.

To specify tags, labels, or annotations that indicate high-priority or low-priority assets, you create conditions, simple queries that must be true for Mondoo to treat the asset as high or low priority.

  1. In the Mondoo Console, navigate to the space you want to customize.

  2. In the side navigation bar, select Settings.

  3. Select the Security Model tab.

  4. Scroll to the bottom of the tab.

    Define assets as high or low priority based on metadata in Mondoo

  5. Under High-priority asset or Low-priority asset, select the plus (+) button to add a condition.

    Define assets as high or low risk based on metadata in Mondoo

  6. Choose whether to assign priority based on a cloud tag/label or a Mondoo annotation.

  7. Select the plus (+) button to the right and choose the metadata key for the condition. To be flagged high or low priority, an asset must have a tag, label, or annotation with this key.

    Choose the key

  8. Choose the value for the condition. To be flagged high or low priority, an asset must have a tag, label, or annotation with this key value.

    Choose the value

    Mondoo shows the complete condition that assets must meet to be flagged high or low priority.

    Full condition

  9. To add another condition, select + ADD CONDITION and follow steps 6-8 again. If you define multiple conditions, an asset only must meet one (or more) of the conditions to be flagged high or low priority. (They're combined with a Boolean OR.)

    Add another condition

  10. Select the SAVE CHANGES button. Changes take place immediately.

Choose how much the different risk factors affect security scores

You can change the weight of impact that a risk factor has on asset security scores.

  1. In the Mondoo Console, navigate to the space you want to customize.

  2. In the side navigation bar, select Settings.

  3. Select the Security Model tab.

  4. Select the SHOW ADVANCED SETTINGS button.

    Customize how much risk factors affect asset scores in Mondoo

  5. For each risk factor:

    • Raise or lower the percentage to control how the risk factor raises or lowers security scores.

      A positive percentage means higher risk. When Mondoo detects the risk factor for an asset, it raises the asset's score (toward high/critical). The higher the positive percentage, the more Mondoo weights the risk factor's presence as a security concern.

      A negative percentage means lower risk. When Mondoo detects the risk factor for an asset, it lowers the asset's score (toward medium/low). The lower the negative percentage, the more Mondoo weights the risk factor's presence as a security aid.

    • Enable or disable the toggle to the left of the risk factor to turn it on or off, as described in the section above.

    tip

    To return all settings to the Mondoo defaults, select the RESET TO DEFAULTS button.

  6. To save the new settings, select the SAVE CHANGES button.

  7. To return to the regular Risk Configuration settings without the percentages, select the HIDE ADVANCED SETTINGS button.