The Security Monitor page lets you monitor the security state of all applications within RIPS. It can be highly customized with different view types and settings that tailor the results to your required specifications.
We support three different view types: Simple, Extended, and Timeline. They can be selected under the settings window (you can find more information about the settings in a chapter further down).
The simple view shows the security state of each of the latest scans as a simple icon. The icons are sorted from left to right, newest first. Hovering over an icon shows a tooltip with more information about the scan.
The extended view shows a list of the latest scans with their security state attached. They are sorted by column, newest first.
The timeline view shows a number of security states for the newest scans that are grouped by their application. They are sorted from the right to the left with the left one being the newest. Hovering over an icon shows more information about the specific scan.
The settings menu allows a highly customized security state output. The following options are available:
- Source: Select the data source for the security state view. There are two options available:
  - All scans of all applications (default)
  - Latest scan of all applications
- View: Select the view to show the security state in. There are currently three options available (you can find a more precise description of the view types in the sections above):
  - Extended (default)
  - Timeline - grouped by application
- Scan Limit: Maximum number of scans to load.
- Critical Threshold: Threshold which defines at what point a scan is flagged as critical. See the Issue Weights section for a more detailed description of the calculations.
- Suspicious Threshold: Threshold (relative to the critical threshold) which defines at what point a scan is flagged as suspicious.
The settings can be stored by clicking on the Store Settings button and are then loaded on each visit to the security monitor.
The issue weights are used to calculate the security risk of a scan. They define the risk value of a single issue that is categorized in the specified severity.
Example Calculation: The example analysis resulted in the following issue severities:
The resulting risk value is then calculated as follows:
In this example calculation, the scan would be flagged as Suspicious because it is over the default 50% suspicious threshold relative to the default 400 critical threshold (>200).