
© 2024 Halo Security


Risk

What risk means and how we calculate it.


Last updated 2 months ago


There are several ways Halo Security helps you evaluate risk on your attack surface.

Risk Scores

Risk is scored on a 10,000-point scale, from Low (0-299) and Medium (300-599) to High (600+). These risk ratings are color-coded Green, Yellow, and Red. For more information about how risk is calculated, as well as a calculator that can show you how risk was assigned for any particular Target, please visit the page.

Risk Indicators

We use colored risk indicators for certain elements like ports, ciphers, and various website-related information such as cookies and headers.

As a general rule of thumb:

  • (● Green): Good or common. There is likely no issue.

  • (● Yellow): More rare or questionable. Should be investigated.

  • (● Red): Rare and poses significant risk without mitigating controls. Should be remediated.

Issue Severity

All issues are rated on a scale of 1-5 and contribute to the full risk score.

  • Severity 5: An attacker can take full control.

  • Severity 4: An attacker can access critical data.

  • Severity 3: An attacker can access sensitive data.

  • Severity 2: An attacker can access configuration data.

  • Severity 1: An attacker can access unnecessary data.

CVSS Score & PCI Compliance

For vulnerabilities with a known risk, we also provide the CVSS score on the Issue Detail page. Additionally, certain vulnerabilities are classified as PCI vulnerabilities and must either be remediated or have exceptions created. That detail is also included on the Issue Detail page.

You can customize the severity of different issues by going to Scan > Settings and adding a new setting.

Risk Methodology
Issue Settings