Risk scores aren't set or updated on entity detail pages

Article ID: 251788

Products

Information Centric Analytics

Issue/Introduction

When viewing the Risk Rating section of the Details page for any entity type (Applications, Computer Endpoints, IP Addresses, Users, or Persons) in Information Centric Analytics (ICA), the entity's aggregate risk score is displayed above the list of Risk Vectors, but scores for individual risk vectors are 0.00, with the Change Since Yesterday value set to 0.

Environment

Release: 6.5.4

Cause

The general portal setting Risk Scoring Watermark was not updated at the end of the Calculate Risk Scores step (19) of ICA's nightly RiskFabric Processing job because of a failure processing one or more risk vectors.

Resolution

As a workaround, navigate in the ICA console to Admin > Settings > General > Risk Scoring - Overall and set the Risk Scoring Watermark value to today's date, in the following format:

yyyy-mm-dd

E.g., 2022-12-31

To identify the risk vector(s) that are causing the risk score calculation error(s), follow this procedure:

  1. Open SQL Server Management Studio (SSMS)
  2. Connect to the Database Engine hosting the RiskFabric database
  3. From the File menu, select New > Query with Current Connection
  4. Copy the following query and paste it into the new query editor window:
    USE RiskFabric;
    GO

    DECLARE @LogGroupName nvarchar(50),
            @LogGroupDate datetime
    ;

    -- Find the date of the most recent run of the risk score calculation group
    SET     @LogGroupName = 'Calculate Risk Scores in Parallel'
    SET     @LogGroupDate =
            (
                SELECT  MAX(CAST(StartDate AS date)) AS StartDate
                FROM    Log_DataTransformationGroup WITH (NOLOCK)
                WHERE   LogGroupName = @LogGroupName
            )
    ;

    -- Collect the log group IDs recorded for that group on that date
    WITH    cte AS
            (
                SELECT  LogGroupID
                FROM    Log_DataTransformationGroup WITH (NOLOCK)
                WHERE   LogGroupName = @LogGroupName
                AND     CAST(StartDate AS date) = @LogGroupDate
            )

    -- List each risk vector step that failed (StatusFlag = 'F') and its error
    SELECT  DISTINCT ldt.LogName, ldt.ErrorDesc
    FROM    Log_DataTransformation AS ldt WITH (NOLOCK)
    INNER JOIN cte
    ON      ldt.LogGroupID = cte.LogGroupID
    WHERE   ldt.LogName LIKE 'Processing risk vector%' AND
            ldt.StatusFlag = 'F'
    ORDER BY 1;
  5. Execute the query by pressing the F5 key, clicking the Execute button in the SQL Editor toolbar, or selecting Execute from the Query menu
  6. Save the query output to a CSV or XLSX file, open a support case at support.broadcom.com, and upload the file to the case
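
The query in step 4 reports failures only for the most recent run date. The following added example (not part of the original article or Broadcom's tooling) goes beyond that single date, using only the tables and columns that appear in the query above, to show the run on which each risk vector first failed and how many run days it has failed since. The 14-day look-back window is an assumed value, and results depend on how long the log tables retain rows.

```sql
USE RiskFabric;
GO

-- Added example: look-back window in days (assumed value; adjust as needed).
DECLARE @LookbackDays int          = 14,
        @LogGroupName nvarchar(50) = 'Calculate Risk Scores in Parallel';

-- Every run of the risk score calculation group inside the window
WITH    runs AS
        (
            SELECT  LogGroupID,
                    CAST(StartDate AS date) AS RunDate
            FROM    Log_DataTransformationGroup WITH (NOLOCK)
            WHERE   LogGroupName = @LogGroupName
            AND     StartDate >= DATEADD(day, -@LookbackDays, CAST(GETDATE() AS date))
        )

-- One row per failing risk vector step, ordered by when it first failed
SELECT  ldt.LogName,
        MIN(runs.RunDate)            AS FirstFailedRun,
        MAX(runs.RunDate)            AS LastFailedRun,
        COUNT(DISTINCT runs.RunDate) AS FailedRunDays,
        MAX(ldt.ErrorDesc)           AS SampleErrorDesc  -- one representative error text
FROM    Log_DataTransformation AS ldt WITH (NOLOCK)
INNER JOIN runs
ON      ldt.LogGroupID = runs.LogGroupID
WHERE   ldt.LogName LIKE 'Processing risk vector%'
AND     ldt.StatusFlag = 'F'
GROUP BY ldt.LogName
ORDER BY FirstFailedRun, ldt.LogName;
```

A FirstFailedRun date that matches the date on which vector scores dropped to 0.00 points to the vector that stopped the watermark from advancing.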