The OneView Security Advisor is available for all users and displays a security score for each site in the console. The security posture and score of each site are assessed based on policy settings, scheduled scans, and endpoint status.
A low score may indicate that recommended settings are not enabled or the site has weak security settings. Admins should use Security Advisor to gain valuable insights into a site's security posture and enable the recommended settings.
The security score for a site is evaluated every 24 hours based on the OneView account configuration. Security score factors for all sites include policy configuration, scheduled scans, and endpoint status.
Add-ons, such as DNS Filtering and Vulnerability & Patch Management, may affect the score if their settings are not correctly configured. Sites without add-ons are not impacted, as add-ons are not part of their subscription.
If a site score is unavailable, this may be due to one of the following:
- The daily score has yet to be generated for the site.
- The site has an Incident Response subscription.
- The site has no endpoint agents installed.
Policies: Policies determine the security settings and are assigned to specific sites and groups of endpoints.
Enable the following settings in the site policies:
Detection scans: Detection scans help to identify and address potential threats that may exist on the site's endpoints.
Run daily Detection scans with the following options for all groups of endpoints:
Endpoint status: An endpoint status on an endpoint indicates that action is required on that endpoint.
Clear the following endpoint statuses:
DNS Filtering: This add-on blocks access to known suspicious web domains to enhance productivity and collaboration while ensuring security.
Enable all 11 security categories in the site’s DNS rules by applying these DNS rules to all site endpoints with the DNS Filtering module.
Vulnerability & Patch Management: This add-on monitors and assesses the risk of threats on endpoints by identifying vulnerabilities in software and patching endpoints to mitigate those risks.
Perform the following actions with Vulnerability & Patch Management:
Endpoint Detection and Response (EDR): EDR offers advanced threat hunting, reliable isolation, remediation, and response capabilities against cybersecurity attacks.
Remediate any detected suspicious activity and enable the following EDR settings in the site policies:
For more information on how each score is calculated, click Understand site score on the Sites page.