The security score uses numeric values to rate each object's conformity to policy. Objects with a higher rating are considered a greater security risk.
Security ratings come from the security messages that the modules report during policy runs on agent systems. Red level messages are critical and receive a significantly higher rating than yellow messages.
Table: Security ratings defines the numeric weight that is assigned to each security level.
Table: Security ratings
An object's rating is derived from the following formula:
10 points for each red message + 1 point for each yellow message
When interpreting a rating, remember that it is the number of messages at each security level multiplied by the value assigned to that level. An object that has a high yellow rating may not pose the same threat as an object that has a low red rating. You must generally address the red messages first.
Although security levels and scores are related, they should be considered separately.
During a policy run, Symantec ESM compares the current state of the agent computer to the security checks that are enabled in the policy.
Symantec ESM messages report exceptions and other information that includes the following:
Symantec ESM assigns each message a security level and a score to classify the severity of the problem. Messages with a green security level have a rating of 0, which indicates that the message is informative and does not require corrective action. A message with a yellow security level has a rating of 1, which identifies it as a problem that needs attention. A message with a red security level has a rating of 10, which indicates that the problem is serious and requires prompt attention.
Symantec ESM assigns a security level and calculates a rating for each module in the policy run as follows:
Symantec ESM compares the security levels of the messages that a module reports, and assigns the most severe security level to the module. For example, Symantec ESM assigns a yellow security level to the module if the Password Strength module reports the following:
Symantec ESM sums the ratings of the messages that a module reports to calculate an overall rating for the module. In the previous example, the 50 green messages that the Password Strength module reports have a rating of zero. The 20 yellow messages have a rating of 20. Symantec ESM calculates a rating of 20 for the Password Strength module.
Symantec ESM compares the security levels of all the modules in the policy run and assigns the most severe security level to the policy. Symantec ESM sums the ratings of all the modules and assigns this total to the policy. Symantec ESM repeats this process, rolling the level and rating information up from policy to agent and from agent to domain.
At the domains level, Symantec ESM compares the security levels of all the agents. Symantec ESM then assigns the most severe security level to the agent level for domains. Symantec ESM also calculates an average agent score for domains. Symantec ESM repeats this process, rolling the average agent level and rating information up the remainder of the enterprise tree.
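The roll-up described above, as an added Python sketch (not Symantec ESM code): it rates modules from message levels, rolls level and rating up through policy and agent, and averages agent scores at the domain. Function names and all sample data other than the Password Strength counts are constructed for illustration.

```python
from collections import Counter

WEIGHTS = {"green": 0, "yellow": 1, "red": 10}  # rating per message, as stated above
SEVERITY = ["green", "yellow", "red"]           # least to most severe

def worst(levels):
    """Most severe level in an iterable; green if nothing was reported."""
    return max(levels, key=SEVERITY.index, default="green")

def rate_module(messages):
    """messages: iterable of level names -> (module level, module rating)."""
    counts = Counter(messages)
    rating = sum(WEIGHTS[level] * n for level, n in counts.items())
    return worst(counts), rating

def roll_up(children):
    """children: list of (level, rating) -> (most severe level, summed rating).
    Used for module -> policy and policy -> agent."""
    return worst(lvl for lvl, _ in children), sum(r for _, r in children)

def rate_domain(agents):
    """agents: list of (level, rating) -> (most severe level, average agent score)."""
    level, total = roll_up(agents)
    return level, (total / len(agents) if agents else 0.0)

def demo():
    # Password Strength counts come from the example above; the rest is constructed.
    password_strength = rate_module(["green"] * 50 + ["yellow"] * 20)
    module_b = rate_module(["red"] + ["green"] * 2)   # hypothetical second module
    policy_a = roll_up([password_strength, module_b])
    agent_a = roll_up([policy_a])                     # agent with one policy run
    agent_b = roll_up([roll_up([rate_module(["yellow"] * 5)])])
    domain = rate_domain([agent_a, agent_b])
    return password_strength, module_b, policy_a, domain

if __name__ == "__main__":
    for name, result in zip(("Password Strength", "module B", "policy A", "domain"), demo()):
        print(f"{name}: level={result[0]} rating={result[1]}")
```

The yellow module outscores the red one (20 against 10), yet the policy is still red, which is why level and score are read separately.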