About the security ratings

The security score uses numeric values to rate each object's conformity to policy. Objects with a higher rating are considered a greater security risk.

Security ratings come from the security messages that the modules report during policy runs on agent systems. Red-level messages are critical and receive a significantly higher rating than yellow messages.

Table: Security ratings defines the numeric weight that is assigned to each security level.

Table: Security ratings

| Level | Numeric weight | Description |
|---|---|---|
| Red | 10 | A red message indicates a severe security vulnerability. Each red message contributes ten points to an object's overall score. |
| Yellow | 1 | Yellow messages indicate a moderate security vulnerability. Each yellow message contributes one point to an object's overall score. |
| Green | 0 | Green messages do not contribute to the overall score. |

An object's rating is derived from the following formula:

10 points for each red message + 1 point for each yellow message

When you interpret a rating, remember that it is the number of messages multiplied by the numeric weight of each message's level. An object that has a high yellow rating may not pose the same threat as an object that has a low red rating. In general, address the red messages first.

Although security level and scores are related, they should be considered separately.

During a policy run, Symantec ESM compares the current state of the agent computer to the security checks that are enabled in the policy.

Symantec ESM messages report exceptions and other information that includes the following:

Symantec ESM assigns each message a security level and a score to classify the severity of the problem. Messages with a green security level have a rating of 0, which indicates that the message is informative and does not require corrective action. A message with a yellow security level has a rating of 1, which identifies it as a problem that needs attention. A message with a red security level has a rating of 10, which indicates that the problem is serious and requires prompt attention.

Symantec ESM assigns a security level and calculates a rating for each module in the policy run as follows:

Symantec ESM compares the security levels of all the modules in the policy run and assigns the most severe security level to the policy. Symantec ESM sums the ratings of all the modules and assigns this total to the policy. Symantec ESM repeats this process, rolling the level and rating information up from policy to agent and from agent to domain.

At the domains level, Symantec ESM compares the security levels of all the agents. Symantec ESM then assigns the most severe security level to the agent level for domains. Symantec ESM also calculates an average agent score for domains. Symantec ESM repeats this process, rolling the average agent level and rating information up the remainder of the enterprise tree.
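The roll-up described above, as an added Python example that is not Symantec ESM code. It assumes a module's level is its most severe message and its rating is the weighted sum of its messages, and that an agent's score is the sum of its policy scores; the agent, policy, and module names are constructed sample data.

```python
from statistics import mean

# Numeric weights from the "Security ratings" table.
WEIGHT = {"green": 0, "yellow": 1, "red": 10}

def worst(levels):
    """Most severe level in an iterable; nothing reported counts as green."""
    return max(levels, key=WEIGHT.__getitem__, default="green")

def rate_module(messages):
    """Assumed module rule: worst message level, 10 per red + 1 per yellow."""
    return worst(messages), sum(WEIGHT[m] for m in messages)

def roll_up(children):
    """Parent takes the most severe child level and the sum of child ratings."""
    return worst(lvl for lvl, _ in children), sum(r for _, r in children)

def rate_policy(modules):
    return roll_up([rate_module(msgs) for msgs in modules.values()])

def rate_agent(policies):
    return roll_up([rate_policy(mods) for mods in policies.values()])

def rate_domain(agents):
    """Domain takes the most severe agent level and the average agent score."""
    rated = [rate_agent(p) for p in agents.values()]
    if not rated:
        return "green", 0
    return worst(lvl for lvl, _ in rated), mean(r for _, r in rated)

def triage_order(agents):
    """Order agents by level first, then score, so red is handled first."""
    rated = {name: rate_agent(p) for name, p in agents.items()}
    return sorted(rated, key=lambda n: (WEIGHT[rated[n][0]], rated[n][1]),
                  reverse=True)

# Constructed sample: agent -> policy -> module -> message levels.
SAMPLE = {
    "db01": {"baseline": {"mod_a": ["yellow"] * 12}},
    "web01": {"baseline": {"mod_a": ["red"], "mod_b": ["green", "green"]}},
}

if __name__ == "__main__":
    for name in triage_order(SAMPLE):
        print(name, rate_agent(SAMPLE[name]))
    print("domain", rate_domain(SAMPLE))
```

In the sample, db01 has the higher score (12) but web01 is listed first because its level is red, which is why level and score are read separately.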