Viewing and Understanding the Risk Score

The risk score in Cloud Guard provides a rough estimate of the risk level to your environment that's posed by the problems that Cloud Guard detects.

The risk score is related to the number and severity of problems. In general, organizations with many more resources are likely to have more problems, and thus a higher risk score. The risk score is closely related to the "potential surface area" of risk. If you have many OCI resources, you might have an excellent security score (overall assessment) and still have a higher risk score.

How the Risk Score Is Calculated

  • The numeric risk score is updated every 15 minutes, and it reflects the total number of problems that Cloud Guard has detected, the risk level of each problem, and the types of resources involved.

    Some categories of resources are more sensitive to security threats than others, and that sensitivity weights the scoring. For example, users (IAM) and buckets (Object Storage) are considered more sensitive, based on factors such as how easy they are to access and how they can be used as a target of attack.

  • The raw risk score that's calculated is normalized to fall within the range of 0 to 9,999. A risk score of zero would mean that no problems were detected for any resources.

    A high risk score generally indicates a larger number of problems with higher risk levels (HIGH or CRITICAL). If the problems and the resources involved are less sensitive, a large number of problems doesn't produce a high risk score.

  • A security best practice is to give priority to addressing the problems with the highest risk levels that Cloud Guard detects on the most sensitive resources. Following this best practice produces the greatest reduction in the risk score.

Note

The risk score reflects monitoring for the past 30 days. Cloud Guard updates the risk score calculation continuously, every 15 minutes. The exact time period for the risk score calculation advances by 15 minutes each time it's calculated.
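
The prioritization best practice above can be turned into a work queue: one item per resource, ordered by worst risk level, then resource sensitivity, then problem count. This Python script is an added example, not Oracle code and not Cloud Guard's scoring formula; the field names, the resource-type strings, and the risk levels other than HIGH and CRITICAL are assumptions.

```python
"""Triage order for Cloud Guard problems (added example, not Oracle code)."""
from collections import defaultdict

# Most severe first. The page names HIGH and CRITICAL; the rest are assumed.
RISK_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "MINOR"]
# Resource types the page calls more sensitive; the exact strings are assumed.
SENSITIVE_TYPES = {"user", "bucket"}


def rank(level):
    """Lower is more severe; missing or unknown levels sort last."""
    level = (level or "").upper()
    return RISK_ORDER.index(level) if level in RISK_ORDER else len(RISK_ORDER)


def triage(problems):
    """One work item per resource: worst level, then sensitivity, then count."""
    by_resource = defaultdict(list)
    for p in problems:
        by_resource[(p["resource_type"], p["resource_name"])].append(p)
    items = []
    for (rtype, name), plist in by_resource.items():
        worst = min(plist, key=lambda p: rank(p.get("risk_level")))
        items.append({
            "resource": name,
            "type": rtype,
            "sensitive": rtype.lower() in SENSITIVE_TYPES,
            "worst_level": (worst.get("risk_level") or "UNKNOWN").upper(),
            "problem_count": len(plist),
        })
    items.sort(key=lambda i: (rank(i["worst_level"]), not i["sensitive"],
                              -i["problem_count"], i["resource"]))
    return items


# Constructed sample data; field names are hypothetical, not the API schema.
SAMPLE = [
    {"resource_type": "Instance", "resource_name": "web-01", "risk_level": "HIGH"},
    {"resource_type": "Bucket", "resource_name": "logs", "risk_level": "HIGH"},
    {"resource_type": "Instance", "resource_name": "web-01", "risk_level": "LOW"},
    {"resource_type": "User", "resource_name": "svc-deploy", "risk_level": "CRITICAL"},
    {"resource_type": "Vcn", "resource_name": "core", "risk_level": "MEDIUM"},
    {"resource_type": "Bucket", "resource_name": "logs", "risk_level": "minor"},
    {"resource_type": "Instance", "resource_name": "db-01", "risk_level": None},
]

if __name__ == "__main__":
    for item in triage(SAMPLE):
        print(item)
```

Problems with a missing or unrecognized risk level are kept at the end of the queue rather than dropped, so they still get reviewed.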

    1. Open the navigation menu and click Identity & Security. Under Cloud Guard, click Overview.
    2. View the Risk score tile in the top center.
  • For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

    Use the oci cloud-guard risk-score-aggregation request-risk-scores command with the required --compartment-id (-c) parameter to get a page of RiskScoreAggregation resources for a compartment:

    oci cloud-guard risk-score-aggregation request-risk-scores --compartment-id <compartment_ocid> [OPTIONS]
  • Run the RequestRiskScores operation to get a page of RiskScoreAggregation resources for a compartment.