This article describes the metrics displayed in the health score panel
The health score panel shows multiple metrics in different formats:
- The Health Score (normalized or not) and its evolution (increase/decrease) over the selected time frame.
- The Projected Impact of active remediation plans (for organizations with the remediation feature activated).
The Health Score is defined as follows:
- Every scanned asset is given an individual asset Health Score from 0.00 to 1.00, where 0.00 is an "unhealthy" asset and 1.00 is a fully "healthy" asset.
- The organization Health Score (non-normalized) is the sum of all the assets' health scores. Unscanned assets are excluded from the Health Score at the moment.
How are individual assets' Health Score calculated?
The asset's worst vulnerability CPS is the only one counted on an asset to evaluate its health (the health of an asset with regard to its potential exploitability on the network is not affected by the number of equivalent "worst" vulnerabilities as CPS already takes into account surrounding vulnerabilities).
The asset Health Score s(a) is therefore defined as such:
- The CPS score is divided by 10 to give a resulting number from 0.00 to 1.00.
- You can think of the asset Health Score as an "inverse probability" of it being compromised in the network.
How is the organization Health Score calculated?
The organization global Health Score (non-normalized) is the sum of all the assets' Health Scores in your environment.
If s(a) is the Health Score of an asset a, then the global organization's Health Score S(org) is defined as such:
How is the normalized organization Health Score calculated?
The normalized Health Score allows you to compare your own Health Score to peers and/or to subdivisions within your organization. It is the ratio of all your healthy assets VS all your scanned assets.
How is the projected impact calculated?
- Every remediation plan created through the remediation feature will have an individual positive impact on the Health Score (in percentage) as it will improve by fixing these vulnerabilities on specific assets.
- The projected impact displayed in that panel is simply the sum of the individual remediation plans impact on the health score (in percentage), for all the plans that still have some vulnerabilities to fix.