Getting Started with Hierarchical Risk Meters

The Hierarchical Risk Meter functionality enables authorized users to create risk groups which descend, or inherit their filters and search criteria, from the parent group. The assets and vulnerabilities included in any descendent group are determined by that group’s immediate filter criteria, as well as all of the filter criteria for any ancestors above it in the hierarchy.

Due to more restrictive criteria being added the further down the hierarchy you go, a child group will always show fewer (or at most, the same) assets and vulnerabilities than its parent group.

Prerequisite:

You must be an Administrator role, Normal role or be assigned to a custom role with the Edit Asset Groups permission enabled to Create child meters in the UI.

Note: Only users with the Administrator role or Normal role are able to create Child Risk Meters via the API.

Important to Note:

• All descendant risk meters inherit user role permissions from their parent.

  • For example, if you have access to a parent risk meter, you will have access to all its descendants.

• Editing a parent impacts all descendant risk meters.

• Deleting a parent removes all descendant risk meters.

• Each descendant risk meter (parent, child, grandchild etc) has its own independent Reporting and Top Fixes views.

• Each descendant risk meter has its own score.

• You can create up to 10 nested levels of descendant groups from the root parent risk meter.

• There is no limit to how many children a risk meter can have . Only hierarchy depth is limited, not breadth.

Viewing Risk Meters from the Dashboard

From the Dashboard Card View, you can view all your risk meters including new icons that indicate the presence of child meters.

Clicking a Child icon opens a new window displaying the children of the parent risk meter. Continue clicking Child icons to drill down.

You can also view descendant risk meters in the newly introduced List View on the dashboard by clicking the List View icon. The risk meters appear with the ability to expand and collapse risk groups.

In the List View, you can access the Assets and Vulnerabilities links, which open in the Explore window.

Tip: You can follow the breadcrumbs in the List View or Card View to navigate back through the risk meter levels or simply return to the Dashboard.

Searching for Groups in Explore

Click All Groups or a specific group and then the down caret to activate the search bar.

Note: By default, you will see your first 500 groups alphabetically. As soon as you enter the search criteria, the best matched groups will start to display.

To see children in the context of their parent in Explore, click the child icons. You can click again to hide them.

You are still be able to view groups in the right-hand panel in Explore for now, but this is the navigation of the future! This new control will eventually replace the Groups section in the right-hand search panel.

Creating a New Child Group

Navigate to the Explore page, hover over the risk meter name in the top left to access the green + sign to add a child group.

A banner appears informing that you are about to create a child group (risk meter).

In this Child Risk Meter view, add any additional filters and then click Create Child.

In the pop-up window, enter a name for the child group and give permission to the appropriate user roles.

Important: Parent-level user role permissions are displayed and cannot be removed.

Click Create Child to create the child group.

A banner appears informing you the child group has been created.

Adding Risk Meter Permissions

You can also add permissions from the Settings page. From the Explore tab, click Settings to open the User Roles Edit window.

Enter a Name for the new User Role.

Select the risk meter to which you wish to add the new permission.

Select the applications to which you wish to grant access.

Choose your Access Type or create your own custom access settings.

Click Save to apply the new settings.

Editing a Risk Meter in the Dashboard

Note: Before editing a risk meter, review all risk meters that may be impacted.

From the Dashboard, click the Pencil icon on the particular risk meter you wish to edit.

Note: You will not see the pencil or Trash Can icon if you are not an administrator or do not have the appropriate permissions to edit or delete a risk meter.

You are able to edit the Name and/or the User Role permissions instantly.

Tip: You can edit Assets in Explore by clicking the Edit Assets in Explore link.

Click Save to apply your changes.

Editing a Risk Meter in Explore

From Explore, click the Pencil icon on the particular risk meter you wish to edit.

Note: You will not see the pencil or Trash Can icon if you are not an administrator or do not have the appropriate permissions to edit or delete a risk meter.

You are able to edit the Name/Permission or Filters.

Tip: Filters are only editable from the Explore page.

Once you select Filters, a banner appears informing you are editing an existing group and this change will cause reporting and metrics to change moving forward.

Important: This action cannot be undone.

You have the option to Update Group once you have changed filters .

Deleting a Risk Meter

Important: Before deleting a risk meter, ensure that you are selecting the appropriate one and review all descendants as they will be deleted too.

From the Dashboard, click the Trash Can icon on the particular risk meter you wish to delete.

Note: You can also delete a risk meter in Explore.

Review the risk meter that you are deleting.

Click Delete to remove the risk meter and any related descendant risk meters.

If you were a customer prior to February 2023 this was not enabled by default, contact your Customer Experience (CX) Team or Support Team to enable this feature.