There are some basic guidelines to help you to improve your Threat Risk Index (TRI) scores.
- For deployments with high TRI scores, review and address critical remediations using the Remediations page in the Alert Logic® console.
- If scan age is elevating the TRI score, use the scan map on the Topology page of the Alert Logic console to determine which hosts have not been scanned recently.
- To isolate external-facing vulnerabilities, review the results of recent external scans or use the Vulnerability Summary report to access the filtered list of vulnerabilities found in your environment.
- To identify vulnerabilities with known exploit code, use the Vulnerability Summary report to access the filtered list of vulnerabilities found in your environment.
While the best TRI score you can have is 0, very low TRI scores may generally be acceptable based on your environment. A good rule of thumb for interpreting a TRI score is to take the TRI score and divide it by 10. The resulting number will give you a rough estimate of the number of critical items you need to address. For example, suppose the TRI score for a deployment is 62. In this scenario, there are most likely 6 or so (62 divided by 10) critical vulnerabilities or configuration exposures that should be addressed to quickly improve the score.
Additionally, keep in mind that any time new assets are discovered and scanned, the TRI score may spike and then dip after initial remediation actions are taken.