>
    Legacy IoT Security
    Focus
    Download PDF
    Focus
    1. Home
    2. Device Security
    3. IoT Device Vulnerability Detection
    4. Customize Risk Scores
    5. Legacy IoT Security
    Download PDF
    Device Security

    Legacy IoT Security

    Table of Contents

    Legacy IoT Security

    Create a risk framework that captures your environment's risk tolerance by customizing the factors that affect risk scores in Device Security.

    Customize How Vulnerabilities Affect Risk Scores

    Customize How Vulnerabilities Affect Risk Scores
    When you define a vulnerability rule, you specify a matching criteria for vulnerabilities and the resulting risk score. If a vulnerability matches the criteria of a vulnerability rule, then the vulnerability rule assigns the defined risk score to that vulnerability. Device Security uses this risk score when considering the vulnerability’s impact on the overall device risk score. In the case that a vulnerability matches multiple vulnerability rules, then Device Security applies the highest risk score to that vulnerability.
    You can view and manage your vulnerability rules in the Vulnerabilities table on SettingsRisk Score Configuration. Hover over a vulnerability rule’s criteria to see the entire matching criteria. You can click on the number of matched CVEs to go to the Vulnerabilities page and see all the vulnerabilities that match the vulnerability rule, as well as all instances affected by each vulnerability. To edit an existing vulnerability rule, select the Edit (pencil) icon under the Action column.
    1. Navigate to SettingsRisk Score Configuration and select Add Vulnerability Rule from the Vulnerabilities table.
    2. In the Edit Vulnerability Criteria pop-up, specify the following:
      • Vulnerability Rule Name: Enter a name for the vulnerability rule.
      • Optional Description: Enter a description for the vulnerability rule.
      • Vulnerability Criteria: Select the matching criteria you want to use for the vulnerability rule. You can select multiple attributes to use. If you select multiple attributes, then a vulnerability must match all criteria for the vulnerability rule to assign the custom risk score.
      • Risk Score: Enter the risk score you want to assign to all matched vulnerabilities.
    3. Apply the vulnerability rule, and verify that the vulnerability rule appears in the Vulnerabilities table.

    Customize How Security Alerts Affect Risk Scores

    Customize How Security Alerts Affect Risk Scores
    Security Alerts affect device risk scores depending on the severity of the alerts. To customize the risk score for security alerts, you can change the risk score of each security alert severity level. You can’t change the risk score for individual security alerts or security alerts on individual devices.
    You can view and manage the risk score of security alerts in the Security Alerts section on SettingsRisk Score Configuration. The section displays the risk score assigned to each alert security level. To change a risk score, select the Edit (pencil) icon next to the risk score for the severity level you want to modify. You can also remove all security alert customizations by selecting Reset to Default.
    Only users with an Owner role can adjust the risk score for security alert severity levels.
    1. Navigate to SettingsRisk Score Configuration and scroll down to the Security Alerts section.
    2. Select the Edit (pencil) icon next to the risk score of the severity level you want to modify.
    3. In the Edit Security Alert Risk Score pop-up, enter the new risk score you want to assign to the severity level.
      Risk scores must be a number from 0 to 100. When choosing a risk score, you can’t exceed the risk score of a higher severity level. Nor can you choose a risk score that’s less than the risk score of a lower severity level.
    4. Confirm the new risk score and verify that the Security Alerts section displays the updated risk score.

    Customize How Other Risk Factors Affect Risk Scores

    Customize How Other Risk Factors Affect Risk Scores
    When calculating a device risk score, Device Security considers other risk factors beyond vulnerabilities and alerts. Other risk factors can be broadly applicable, such as the status of an operating system, or they might be specific to an Device Security vertical, such as MDS2 factors that apply only in healthcare settings. While Device Security allows only system-defined other risk factors, you can customize the risk score to adjust how much these factors affect device risk scores.
    You can view and manage the risk scores of other risk factors in the Other Risk Factors section on SettingsRisk Score Configuration. The table displays the Name, Description, Type, Matching Rule, Risk Score, and Source for each factor. Hover over a field to see the full value displayed. To change a risk score, select the Edit (pencil) icon next to the risk score for the risk factor you want to modify. You can also remove all risk score customizations by selecting Reset to Default.
    1. Navigate to SettingsRisk Score Configuration and scroll down to the Other Risk Factors section.
    2. Select the Edit (pencil) icon next to the risk score of the risk factor you want to modify.
    3. In the Edit Other Risk Factors Risk Score pop-up, enter the new risk score you want to assign to that risk factor.
    4. Confirm the new risk score and verify that the Other Risk Factors section displays the updated risk score.

    Customize How Asset Criticality Affects Risk Scores

    Customize How Asset Criticality Affects Risk Scores
    A device's asset criticality affects the amplification of the overall device risk score. The higher the asset criticality level, the more Device Security amplifies the device risk score. You can change a device’s asset criticality level to adjust the risk score for individual devices. To change how much an asset criticality affects all devices across your network, you can customize the impact factor for each asset criticality level.
    You can view and manage the impact factor of asset criticality levels in the Impact Factor section on SettingsRisk Score Configuration. The section displays the impact factor, as a percentage, assigned to each asset criticality level. To change an impact factor, select the Edit (pencil) icon next to the impact factor for the asset criticality level you want to modify. You can also remove all impact factor customizations by selecting Reset to Default.
    Only users with an Owner role can adjust the risk score for security alert severity levels.
    1. Navigate to SettingsRisk Score Configuration and scroll down to the Impact Factor section.
    2. Select the Edit (pencil) icon next to the impact factor of the asset criticality level you want to modify.
    3. In the Edit Asset Criticality Impact Factor pop-up, enter the new impact factor you want to assign to the asset criticality level.
      Impact factors must be a number from 0 to 100. When choosing an impact factor, you can’t exceed the impact factor of a higher asset criticality level. Nor can you choose an impact factor that’s less than the impact factor of a lower asset criticality level.
    4. Confirm the new impact factor and verify that the Impact Factor section displays the updated impact factor.

    © 2025 Palo Alto Networks, Inc. All rights reserved.