Risk Intelligence Quick Start Guide

The following section provides information on the steps required to get up and running with Risk Intelligence.

Create a Risk Intelligence Policy

Policies control every aspect of Risk Intelligence, from the scans it runs down to their schedule.

To get you up and running we have included default policies for Servers, Desktops and Laptops, with the option to manage your own custom policies (as well as edit the defaults).

  1. Go to Settings > Risk Intelligence > Policy
  2. Click New
  3. Enter the "Policy Name" for identification
  4. Either select an existing policy from the "Base Policy On" drop-down to act as a template or leave blank for a completely new policy, with all scans set to Do not Run (disabled)
  5. In "Policy Type" choose the type of device the policy applies to
  6. Configure the "Policy" sections.
  7. This opens the Policy dialog containing the following configuration sections (listed below)
  8. Click Save once complete to create

Scans are enabled by changing the "Select Frequency Method" setting from "Do not Run" (disabled) to the required schedule option: "Once per Day "(select one day for weekly scans), "Once per Month" or ""Manual. To disable a scan, change its setting to ""Do Not Run.

Section Description
General Contains the Policy type and editable Policy name

Set the account wide Currency Symbol and Security Liability Amount as well as any Global Policy File Exclusions

Policies Security Scan Retrieves vulnerability information from the computer that may expose the Operating System and installed application to security risks
PCI Scan Search for risks with internal Payment Credit Industry compliance violations
Data Breach Risk Scan (Country) A security scan that searches for Credit Card Numbers, dates of birth, government-issued identification, and financial account numbers.

There is not a global standard for Personally Identifiable Information (including government issues identification) so we include country-specific versions of this scan to search for and retrieve details in that country’s format. AUS, BEL, BRA, CAN, DEU, ESP, FRA, GBR, IRL, ITA, NLD, NOR, NZL, SWE, USA, ZAF, NZL

Expanded Data Breach Risk Scan This extension of the Data Breach Risk Scan also performs a Technical Safeguards Check. This check queries the device and highlights settings that do not meet common baseline configurations
Custom Scans Custom scans based on the following scan types: Data Risk Breach, Expanded Data Risk Breach, File Finder, Security and PCI and PAN Scan.

To access the "Scan Configuration" section of the Risk Intelligence dashboard click the Custom Scans button.

To manually synchronize the Dashboard's custom policy list with Risk Intelligence, click the Reload Customized Scans button.

As these intensive scans may take some time to complete, we have included a mechanism which prevents the scheduling of a scan within two hours of another scan. If two scans are scheduled to take place within this two-hour period, a notification is displayed when attempting to save the policy and the save option disabled until the schedules changed. In those circumstances where a scan is still running when a new scan is scheduled to start, the currently running scan is stopped.

Enable Risk Intelligence and select Policy

Risk Intelligence can be enabled for all Servers and Workstations or servers and workstations at the specified Clients and Sites. Risk Intelligence is policy driven.

By default, policies are inherited from the parent. Devices inherit policies from the site, sites inherit policies from the Client, Clients, in turn, inherit the policy setting for all servers and workstations.

To enable Risk Intelligence and set the policy for multiple devices:

  1. Go to Settings > Risk Intelligence > Policy
  2. Select the "Entity "type to enable Risk Intelligence on (all servers and workstations or servers and workstations at specific clients and sites). For information on each potential entity state, please refer to Feature and Functionality Settings Icons.
  3. Change "Setting" to "On", "Off" or ""Use Parent (only for Client or Site)
  4. When "Setting: On" choose the policy to apply to the selected entity from the drop-down. This includes the default Server, Desktop and Laptoppolicies (depending on selection), but also any custom policies that are available for the selected device type.
  5. Click OK to save and apply

For full granularity Risk Intelligence can be enabled (or disabled) for specific Servers or Workstations via the Risk Intelligence tab of a Device's Edit dialog. The Edit dialog is available from the North-pane of the Dashboard when right-clicking a device or from the Server, Workstation or Device dropdown.

From here you can alter the Risk Intelligence "Setting" to "On", "Off" or "Use Parent" and choose the Device's policy. Changing this setting from "Use Parent" to "On" or "Off" will exclude the device from any changes made at its parent level.

Manually run a Risk Intelligence Scan

After the Risk Intelligence Automated Tasks have downloaded to the Device and synchronized with the Dashboard, they can be run manually from the Dashboard (this allows you to run Tasks outside of the policy schedule).

  1. Select the target device in the North-pane
  2. Navigate to the Tasks tab
  3. Highlight the target Risk Intelligence Automated Task
  4. From the "Automated Tasks" drop-down, or right-click context menu, choose Run Automated Task

Risk Intelligence Dashboard

The Risk Intelligence dashboard hosts the scan results and reports.

To access the Risk Intelligence dashboard:

  • Click on the top right product switcher in the monitoring Dashboard and choose Risk Intelligence.
  • When reviewing a Risk Intelligence Automated Task's "More Information" section there is the option to Click here to access your Risk Intelligence dashboard
  • Go to the "Reports" menu and choose a Risk Intelligence Report
  • Log directly in via the Risk Intelligence dashboard login page at https://us.ri.logicnow.com/ and enter the Single Sign-On credentials when prompted

From here you can configure scans, view scan results and review reports.

View Scan Results

Once the Risk IntelligenceAutomated Tasks have completed, they upload their information to the Dashboard and Risk Intelligence dashboard. The N-sight RMM Dashboard displays the Automated Task status, and the Risk Intelligence dashboard contains the scan results under "View and Manage", "Scan Results".

Click Scan Results to view the scan information for each device. To customize the table layout, click on Select Columns then choose the columns to display. Use shift and left-click to select a range or Control and left click to choose specific items.

Reports

The Risk Intelligence Dashboard Reports section provides summary information and analytics for each Client based on the scan results of its associated devices. To open this section from the monitoring Dashboard go to Reports, Risk Intelligence Reports then choose the Report type.

The HTML reports available for a Client depend on the scans configured on their devices.

These are split into two types:

  • Trend Reports contain the cumulative scan results from all scans during the selected time frame.
  • Baseline Reports provide information on the scan results from each device’s last scan of that type.

From here you can drill down into the scans that comprised this report.

Disable Risk Intelligence

Where Risk Intelligence is no longer required you can switch it off for all devices based on type, at the Client or Site level of on specific devices.

By default, policies are inherited from the parent. Devices inherit policies from the site, sites inherit policies from the Client, Clients, in turn, inherit the policy setting for all servers and workstations.

Multiple Devices

  1. Log into the Dashboard
  2. Go to Settings > Risk Intelligence > Policy
  3. Select the Entity type (from the all Servers and Workstations level down to individual Clients and Sites)
  4. Choose Off from the Settings drop-down, or Use Parent where the entity's parent setting is Off
  5. Click OK to exit and save changes

Individual Device

  1. Log into the Dashboard
  2. Right-click on the device in the North-pane (or from the Edit drop-down)
  3. Click Edit Server or Edit Workstation
  4. Go to Risk Intelligence
  5. Choose Off from the Settings drop-down, or Use Parent where the device's parent setting is Off
  6. Click OK to exit and save changes