Threat Levels

Important: The product name for this user guide has changed from Foundation and Cloudscape to Business Service Discovery and Migration Planning. Previous UI pages known as Foundation have changed to Business Service Discovery. Previous UI pages known as CloudScape have changed to Migration Planning.

Every device that has a Threat Check in your environment will have a Threat Level. The higher the level, the greater the security threat of a particular device.

The Threat Level is determined by combining all known vulnerabilities and the behavior of a device.

For example:

Level 1—A device has an unused listening service
Level 2—The above and the device has a vulnerability on an installed package
Level 3—All of the above and that package is running
Level 4—All of the above and that server connects to the internet
Level 5—All of the above and when that server connects to the internet it connects to an anonymous proxy

This example is meant to illustrate the logic behind Threat Levels, not to be an exact description of how Threat Level is determined.

We recommend at least investigating every device that's level 3 and above.

How Are Threats Changing Chart

The chart shows how Threat Levels are changing daily. You can filter this chart and all subsequent tables to specific date ranges either by selecting the start and end dates in the date picker control located above the chart or by filtering to a specific date in the tables directly. The page loads with all collected data.

It is important to note that servers will transition between levels because certain Threat Checks are time-bound. For instance, if a server talks to the internet for the first time (when it has not previously), it will trigger a check, but that check is only relevant for the day we see the anomalous behavior; after that day it ceases to contribute to the Threat Level.
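The sketch below is an added example, not the product's scoring code. It models the illustrative five-level ladder above together with the time-bound behavior just described, to show why a server can rise to Level 5 on one day and fall back the next. The check names, the choice of which checks are time-bound, and the sample observations are all assumptions constructed for illustration.

```python
from datetime import date

# Illustrative ladder from the example above: level N requires checks 1..N.
LADDER = [
    "unused_listening_service",      # Level 1
    "vulnerable_package_installed",  # Level 2
    "vulnerable_package_running",    # Level 3
    "connects_to_internet",          # Level 4
    "connects_via_anonymous_proxy",  # Level 5
]
# Assumption: these checks count only on the day they are observed.
TIME_BOUND = {"connects_to_internet", "connects_via_anonymous_proxy"}

def active_checks(observations, day):
    """Return the checks contributing to the level on the given day."""
    active = set()
    for seen_on, check in observations:
        if check in TIME_BOUND:
            if seen_on == day:          # relevant for that day only
                active.add(check)
        elif seen_on <= day:            # persistent finding (assumed unremediated)
            active.add(check)
    return active

def threat_level(active):
    """Count consecutive ladder rungs satisfied, starting from Level 1."""
    level = 0
    for check in LADDER:
        if check not in active:
            break
        level += 1
    return level

def daily_levels(observations, days):
    return {d: threat_level(active_checks(observations, d)) for d in days}

def needs_investigation(levels, threshold=3):
    """Days on which the device meets the 'level 3 and above' guidance."""
    return sorted(d for d, lvl in levels.items() if lvl >= threshold)

# Constructed sample observations for one device: (day first seen, check).
OBS = [
    (date(2024, 1, 1), "unused_listening_service"),
    (date(2024, 1, 1), "vulnerable_package_installed"),
    (date(2024, 1, 2), "vulnerable_package_running"),
    (date(2024, 1, 3), "connects_to_internet"),
    (date(2024, 1, 3), "connects_via_anonymous_proxy"),
]
DAYS = [date(2024, 1, d) for d in range(1, 5)]

if __name__ == "__main__":
    for day, level in daily_levels(OBS, DAYS).items():
        print(day, "Level", level)
```

On the constructed data the device drops back on the fourth day while the running vulnerable package is still present, which is why a filtered date range can show a lower level than the peak.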