High-level overview of groups in RiskSense.
RiskSense Groups serve two main purposes within the platform. Groups provide the ability to create organizational folders within RiskSense, allowing for convenient and logical options for reporting and filtering on subsets of assets and their vulnerabilities. Groups can be configured based any asset commonality, such as device type, location, team, or business unit. Assets can be assigned to multiple groups. As an example, a Windows 2016 Server running MS SQL and housed within the Sunnyvale office could be assigned to the Windows Servers, Databases, and Sunnyvale Office groups.
The second purpose of a group is to serve as a security boundary within the platform. User accounts, just like assets, are assigned to one or more groups. To which groups a user is assigned will dictate the assets and vulnerabilities to which they can view and manipulate, allowing for granular data management and visibility options. Using the Windows 2016 server example mentioned above, that asset would be visible to any user accounts who are members at least one of the groups to which the host is assigned (Windows Servers, Databases, or Sunnyvale Office). If a user is not a member of any of those three groups, that Windows 2016 asset and any vulnerabilities identified in scans of that device will not appear on any of his or her RiskSense dashboards, list views, or filter results. The host and scanner findings will not be included in that user’s total asset or vulnerability counts either, nor will that host’s RS³ calculation have an impact on their overall score.
RiskSense recommends creating several groups to move assets into, as new hosts and web applications are brought online within your environment. As the scan files containing fingerprints of the new assets are uploaded into the Platform, newly identified assets are assigned the Default Group within RiskSense. Users can then apply list-view filters for categories such as Host Name, IP Address, and Operating System to gather thew new assets, and then assign to the appropriate group or groups. This leaves the Default Group as a place to easily find new hosts/assets as they are scanned and surfaced in RiskSense.
Group creation, management, and assignment of users to groups can be performed within the Organize > Groups view. Adding assets to or removing assets from groups is conducted within the Manage > Hosts or Manage > Applications list views.