Risk scores

[mikermcneil]

Goal

• As a user of Fleet, I want to see a single, aggregated risk score for every device in my organization.
• I want the risk score to be calculated with sensible defaults, without any extra setup necessary.
• But I also want to be able to customize the relative weights of various factors in how the score is calculated, including emphasizing/deemphasizing the importance of particular CVEs, particular kinds of CVEs, or particular policies. Ideally, this weighting could be achieved without hand-writing code, though that would be an okay starting point.

Here are some confidential notes from one of the customer/user conversations where this came up: https://docs.google.com/document/d/1UGvLRU5SJGM8OcAszMVV8xxZXDDumv9faSog70tUBiI/edit#heading=h.7en766pueek4

How?

• [ ]

[noahtalerman]

Dave: Related to device health.

[noahtalerman]

@dherder can you please add more context here when you get the chance?

[dherder]

@noahtalerman It would be helpful to automatically calculate a risk score and append that to the device health endpoint for the purpose of application access / blocking. For example, I want to define thresholds derived from counts of failing policies and vulnerabilities. So, risk score = (custom_weight_a)(failing_policies_count)+(custom_weight_b)(vulnerabilities_count) where custom weight is a percentage value (0-100) and (custom_weight_a + custom_weight_b) must equal 100. The higher the number the greater the risk.

[noahtalerman]

Thanks @dherder!

We decided not to work on drafts for this in the upcoming sprint (4.49)

Removing from feature fest.