How Mondoo Prioritizes Security Findings

Mondoo helps you prioritize fixes by moving beyond static severity ratings. We analyze every finding through the lens of your unique environment, calculating a contextual Risk Score for each one. These scores then power our Top Actions feature, a focused list of the most impactful remediations for your infrastructure.

This allows you to spend less time sifting through thousands of alerts and more time closing the security gaps that matter most.

What Are Security Findings?

Security findings are potential issues that can make your infrastructure vulnerable to attack. The Mondoo Console reveals security findings in all the assets you integrate with Mondoo. Findings include:

  • Misconfigurations that can expose your infrastructure to attackers
  • Known vulnerabilities (or CVEs, common vulnerabilities and exposures) in the software installed on your assets
  • Advisories published by software makers to alert the public about gaps in their products

How Mondoo Calculates Risk Score

The foundation of prioritization is an accurate, contextual Risk Score. Mondoo assigns a score of Low, Medium, High, or Critical to each finding by combining a base score with contextual risk factors.

Begin with a base score

Each finding has a base score associated with it.

  • For misconfigurations, the base score comes from the impact score of the failed check in a Mondoo policy.
  • For CVEs and advisories, the base score is the CVSS score.

Factor contextual risk

Base scores evaluate a threat in a vacuum. Mondoo makes them more accurate by applying contextual risk factors that are unique to your assets and environment.

| Risk Factor | Description | Effect on Risk Score |
| --- | --- | --- |
| Internet-facing | The asset has a public IP address and is exposed to the internet. | Raise |
| Remote exploit | The vulnerability can be exploited remotely without user interaction. | Raise |
| Accessible keys | Key or credential information is exposed on the asset. | Raise |
| In use | The asset has a running service or is in active use. | Raise |
| End-of-life (EOL) | The asset is running an EOL operating system. | Raise |
| Database | The asset hosts a running database. | Raise |
| Defensive | The asset has defensive countermeasures (SELinux or AppArmor). | Lower |

Blast Radius

Mondoo uses the number of times a finding is present in the space to calculate a blast radius for the finding.

From Risk Score to Top Actions

While individual risk scores are important, the key to efficient remediation is understanding collective impact. Mondoo analyzes the risk scores of all findings across all your assets to identify which issues, if fixed, will provide the largest measurable improvement to your security posture.

These critical issues are presented to you in a curated list called Top Actions.

To learn how to use this powerful feature and understand the metrics behind it, see our guide to Prioritizing Risk with Top Actions.
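
The scoring flow described on this page (base score, contextual risk factors, blast radius, ranked actions), as an added illustration that is not Mondoo's code or algorithm. The factor adjustments, the rating bands (borrowed from the CVSS v3 qualitative ranges), the summing used to stand in for blast radius, and the sample findings are all assumptions constructed for this example.

```python
from collections import defaultdict

# Assumed adjustments on a 0-10 scale; the page gives no weights.
FACTOR_ADJUST = {
    "internet-facing": 1.5, "remote-exploit": 1.0, "accessible-keys": 1.0,
    "in-use": 0.5, "eol": 1.0, "database": 0.5,
    "defensive": -1.5,  # SELinux/AppArmor present: the only factor that lowers
}

def contextual_score(base, factors):
    """Apply each distinct risk factor to the base score, clamped to 0-10."""
    unknown = set(factors) - FACTOR_ADJUST.keys()
    if unknown:
        raise ValueError(f"unknown risk factors: {sorted(unknown)}")
    adjusted = base + sum(FACTOR_ADJUST[f] for f in set(factors))
    return round(max(0.0, min(10.0, adjusted)), 1)

def rating(score):
    """Map a score to a label using the CVSS v3 qualitative bands (assumed)."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    return "Medium" if score >= 4.0 else "Low"

def rank_findings(observations):
    """Group (finding, asset, base, factors) rows per finding and sort by
    summed contextual score, so widespread findings rise (assumed blast radius)."""
    scores = defaultdict(list)
    for finding, _asset, base, factors in observations:
        scores[finding].append(contextual_score(base, factors))
    ranked = [(f, len(s), max(s), round(sum(s), 1)) for f, s in scores.items()]
    return sorted(ranked, key=lambda r: (-r[3], r[0]))

# Constructed sample data: placeholder finding IDs and asset names.
OBSERVATIONS = [
    ("FINDING-A", "build-01", 9.8, ["defensive"]),
    ("FINDING-B", "web-01", 7.5, ["internet-facing", "remote-exploit", "in-use"]),
    ("FINDING-B", "web-02", 7.5, ["internet-facing", "remote-exploit", "in-use"]),
    ("FINDING-B", "db-01", 7.5, ["database", "eol"]),
    ("CHECK-C", "web-01", 6.0, ["internet-facing"]),
]

if __name__ == "__main__":
    for finding, assets, worst, total in rank_findings(OBSERVATIONS):
        print(f"{finding}: {assets} asset(s), worst {worst} ({rating(worst)}), total {total}")
```

Sorted by base score alone, FINDING-A (9.8) would lead; with context and spread applied, FINDING-B moves to the top.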