Configuration
  • 11 Jan 2024

Overview

A Legal Entity is an organization or business unit within a company for which risk data are being quantified in ThreatConnect® Risk Quantifier (RQ), and an Enterprise is a collection of Legal Entities in an RQ instance. When an RQ Enterprise Administrator configures an Enterprise, they can create one or more Legal Entities, create users, and assign users to Legal Entities.

After an Enterprise is configured, an RQ Enterprise Administrator or RQ Pro Administrator can configure Legal Entities in the Enterprise. This article provides an overview of each required and optional configuration for a new Legal Entity and instructions on how to complete the Legal entity configuration.

Before You Start

Minimum Role(s): RQ Pro Administrator
Prerequisites: A Legal Entity created in an Enterprise

The Configuration Screen

When accessing a newly created Legal Entity for the first time, its Configuration screen will be displayed (Figure 1).

The Configuration screen displays all Legal Entity configurations split into two categories: Required Configuration and Optional Configuration. For newly created Legal Entities, the only configuration you can complete is Legal entity. After you complete this configuration, all other configurations, except Endpoint Profile, will become available for completion.

Note
The Endpoint Profile configuration will become available after you complete the Integrations configuration.

Required Configurations

The following sections describe each required configuration and all options available on their corresponding screen. To run a risk analysis for a Legal Entity, you must complete the Legal entity, Control Profiles, and Applications configurations. Completion of the Third Party Partners configuration is only required to run third-party risk analyses.

Legal Entity

On the Configuration screen (Figure 1), click the Setup button on the Legal entity card. The Legal Entity screen will be displayed (Figure 2).

  • Legal Entity Name: By default, this field is populated with the name of the Legal Entity entered by the RQ Enterprise Administrator when they created the Legal Entity. Click in the box to edit the Legal Entity’s name, if desired.
  • What is the currency which will be used to present financial data?: Select the currency to use when displaying financial data for the Legal Entity.
    Important
    You cannot change the selected currency at a later time.
  • Fiscal Year Start Date: Select the date on which the fiscal year starts for the Legal Entity.
  • Fiscal Year End Date: By default, this field is populated automatically with the date on which the fiscal year will end based on the date selected for Fiscal Year Start Date (e.g., if Fiscal Year Start Date is set to 07/01/2022, Fiscal Year End Date will be set to 06/30/2023). If desired, click in the box to change this date.
  • Industry: Select the Legal Entity’s industry.
  • Presence: Select the region or country in which the Legal Entity resides.
  • How many employees does the legal entity have worldwide?: Enter the number of people the Legal Entity employs worldwide.
  • What was the gross revenue of the legal entity over the previous fiscal year?: Enter the Legal Entity’s gross revenue over the previous fiscal year.
  • How many customers does the legal entity have?: Enter the Legal Entity’s number of customers.
  • What was the average value of a customer over the last fiscal year?: After you enter values for the What was the gross revenue of the legal entity over the previous fiscal year? and How many customers does the legal entity have? fields, this field will be populated automatically with the Legal Entity’s gross revenue over the previous fiscal year divided by its number of customers. If desired, click in the box to change this value. Note that this value must not exceed the result of that division.
  • What is the projected customer growth rate for the current fiscal year?: Enter the Legal Entity’s projected customer growth rate for the current fiscal year.
  • Click the Save button.

The Configuration screen will be displayed with the Legal entity and Control Profiles configurations marked as complete (Figure 3). In addition, the Setup buttons will be enabled for all configurations except Endpoint Profile.

Note
The Control Profiles configuration is marked as complete automatically because a default Enterprise Control Profile and Application Control Profile are created automatically after you complete the Legal entity configuration.

Control Profiles

Control Profiles are specific configurations and implementations that you can apply to a Legal Entity or Application. The default Application and Enterprise Control Profiles (i.e., the Application and Enterprise Control Profiles for which the Default Profile option is toggled to ON) will be selected automatically when creating Applications.

To modify the Control Profiles configuration, click the Setup button on the Control Profiles card. The Control Profiles screen will be displayed (Figure 4).

  • Control Profile: This column displays the Control Profile’s name.
  • Type: This column indicates the Control Profile’s type. Available Control Profile types include the following:
    • Application: An Application Control Profile specifies the controls you have in place for the Applications used in a Legal Entity.
    • Enterprise: An Enterprise Control Profile specifies the effectiveness level of each Enterprise Control you have in place. These effectiveness levels are used in inherent and residual risk calculations.
  • Applied To: This column displays the Application(s) to which the Control Profile is applied. When a Control Profile is applied to multiple Applications, a See All link will be displayed following the first Application’s name. Click this link to display the Applications window and view the name, type, and description of each Application to which the Control Profile is applied. If a Control Profile has not been applied to an Application, a value of N/A will be displayed.
  • Created: This column displays the date and time when the Control Profile was created.
  • Updated: This column displays the date and time when the Control Profile was last updated. If the Control Profile has not been updated, a value of N/A will be displayed.
  • Default Profile: This column indicates whether the Control Profile is the default Control Profile of its type. By default, the Default AC Profile and Default EC Profile are the default Application and Enterprise Control Profiles, respectively. To set a Control Profile as the default Control Profile, toggle the slider in this column to ON.
  • Actions: Click Edit to modify the Control Profile’s configuration.
  • Filter by: If desired, use the following options to filter Control Profiles listed in the table:
    • Control Profile: Use this option to filter Control Profiles by name based on the entered search term.
    • Type: Use this option to filter Control Profiles by the selected Control Profile type(s).
    • Applied To: Use this option to filter Control Profiles by the names of the Applications to which they are applied based on the entered search term.
  • Create Profile: Click this button to create a Control Profile.

Applications

Applications are where business value is realized, stored, and processed for a Legal Entity. Specifically, Applications represent tools or software used by the Legal Entity, and they are the center of RQ’s attack modeling.

On the Configuration screen (Figure 3), click the Setup button on the Applications card. The Applications screen will be displayed (Figure 5).

  • Application: This column displays the Application’s name.
  • Type: This column displays the Application’s type.
  • Enterprise Control Profile: This column displays the Enterprise Control Profile applied to the Application.
  • Application Control Profile: This column displays the Application Control Profile applied to the Application.
  • Business Asset: This column displays the Application’s Business Assets, which are items in a Legal Entity that can be financially impacted due to a cyberattack. If no Business Assets have been provided for an Application, a value of Not Provided will be displayed in this column. See the “Business Assets” section for more information about Business Assets.
  • Target Endpoint: This column indicates whether Target Endpoints holding data or involved in transaction processing have been provided for the Application.
    Note
    When configuring IaaS - Infrastructure as a Service / PaaS - Platform as a Service and Self Hosted Applications, you must provide at least one Target Endpoint.
  • Status: This column displays the Application’s status. Possible statuses include the following:
    • Complete: This status is assigned to Applications with all required configurations complete.
    • Draft: This status is assigned to Applications with one or more incomplete required configurations.
    • Archived: This status is assigned to archived Applications.
  • Actions: This column allows you to perform the following actions:
    • Edit: Click Edit to modify the Application’s configuration.
    • Archive: The Archive option is displayed only for Applications with a status of Complete. Click Archive to archive the Application. When an Application is archived, you will not be able to modify its configurations, it will not be included in analyses computed in RQ, and its status will be set to Archive.
    • Unarchive: The Unarchive option is displayed only for Applications with a status of Archive. Click Unarchive to unarchive an Application and set its status to Complete.
  • Filter by: If desired, use the following options to filter Applications listed in the table:
    • Application: Use this option to filter Applications by name based on the entered search term.
    • Type: Use this option to filter Applications by the selected Application type(s).
    • Enterprise Control Profile: Use this option to filter Applications based on whether the selected Enterprise Control Profile(s) is applied to them.
    • Application Control Profile: Use this option to filter Applications based on whether the selected Application Control Profile(s) is applied to them.
    • Business Asset: Use this option to filter Applications based on whether a Business Asset is provided for them.
    • Target Endpoint: Use this option to filter Applications based on whether a Target Endpoint is provided for them.
    • Status: Use this option to filter Applications by the selected Application status(es).
  • Create Application: Click this button to create an Application.

Third Party Partners

Third parties present a unique risk to a business, as they have access to a Legal Entity’s data, revenue, and reputation. If attackers target third parties, they can cause material damage to an organization.

On the Configuration screen (Figure 3), click the Setup button on the Third Party Partners card. The Third Party Partners screen will be displayed (Figure 6).

  • Third Party: This column displays the Third Party’s name.
  • Analysis Run Time: This column displays the date and time of the latest third-party risk analysis.
  • Enterprise Control Profile: This column displays the Enterprise Control Profile applied to the Third Party.
  • Business Asset: This column displays the Business Assets applied to the Third Party.
  • Analysis Status: This column displays the status of the latest third-party risk analysis. Possible statuses include the following:
    • Successful: The third-party risk analysis completed successfully.
    • Unsuccessful: The third-party risk analysis did not complete successfully.
    • Running: The third-party risk analysis is currently being computed.
      Note
      While a third-party risk analysis is being computed, a status of Running will not be displayed in this column. Instead, all columns except Third Party will display a horizontal gray bar that alternates between light gray and dark gray to indicate the analysis is being computed.
  • Configuration Status: This column displays the configuration status of the Third Party. Possible statuses include the following:
    • Complete: This status is assigned to Third Parties with all required configurations complete.
    • Draft: This status is assigned to Third Parties with one or more incomplete required configurations.
    • Archived: This status is assigned to archived Third Parties.
  • Actions: This column allows you to perform the following actions:
    • Edit: Click Edit to modify the Third Party’s configuration.
    • Archive: The Archive option is displayed only for Third Parties with a status of Complete. Click Archive to archive the Third Party. When a Third Party is archived, you will not be able to modify its configurations or run third-party risk analyses for it, and its status will be set to Archive.
    • Run: The Run option is displayed only for Third Parties with a status of Complete. Click Run to run a third-party risk analysis for the Third Party. After the analysis is complete, you can view its results on the Third Parties Dashboard screen.
    • Unarchive: The Unarchive option is displayed only for Third Parties with a status of Archive. Click Unarchive to unarchive a Third Party and set its status to Complete.
  • Filter by: If desired, use the following options to filter Third Parties listed in the table:
    • Third Party: Use this option to filter Third Parties by name based on the entered search term.
    • Analysis Run Time: Use this option to filter Third Parties based on whether the date and time of their latest third-party risk analysis occurred during the selected time interval or specified date range.
    • Enterprise Control Profile: Use this option to filter Third Parties based on whether the selected Enterprise Control Profile(s) is applied to them.
    • Business Asset: Use this option to filter Third Parties based on whether the selected Business Asset is applied to them.
    • Analysis Status: Use this option to filter Third Parties by the selected third-party risk analysis status.
    • Configuration Status: Use this option to filter Third Parties by the selected Third Party configuration status.
  • Create Third Party: Click this button to create a Third Party.

Optional Configurations

The following sections describe each optional configuration and all options available on their corresponding screen. While completing these configurations is not required, doing so will contribute to a more complete and confident risk analysis for a Legal Entity.

Integrations

You can create and run Integration Tasks to ingest vulnerability and endpoint information into your RQ instance.

On the Configuration screen (Figure 3), click the Setup button on the Integrations card. The Integrations screen will be displayed (Figure 7).

  • Integration: This column displays the Integration’s name.
  • Created: This column displays the date and time when the Integration was created.
  • Vendor: This column displays the Integration’s vendor. Available Integration vendors include Archer®, Qualys®, Rapid7®, SecurityScorecard®, SureCloud®, and Tenable®.
  • Type: This column displays the Integration’s type.
  • Configuration Status: This column displays the Integration’s configuration status. Possible statuses include the following:
    • Complete: This status is assigned to Integrations with all required configurations complete.
    • Draft: This status is assigned to Integrations with one or more incomplete required configurations.
  • Execution Status: This column displays the execution status of the Integration Task corresponding to the Integration. Possible statuses include the following:
    • Unsuccessful: The Integration Task’s execution did not complete successfully.
    • Running: The Integration Task is currently executing.
    • Successful: The Integration Task’s execution completed successfully.
    • Queued: The Integration Task’s execution is queued.
    • Stopped: The Integration Task’s execution was stopped.
  • Frequency: This column displays how often the Integration Task is executed.
  • Last Run: This column displays the date and time when the Integration Task was last run.
  • Actions: This column allows you to perform the following actions:
    • Edit: Click Edit to edit the Integration’s configuration.
    • Download: The Download option will be displayed only for File Upload Integrations. Click Download to download the file that was uploaded during the Integration configuration process.
    • Run: The Run option will be displayed only for File Upload Integrations where the Integration Task has not been executed. Click Run to run the Integration Task.
    • Re-run: The Re-run option will be displayed for File Upload and API Integrations where the corresponding Integration Task has been executed at least once. Click Re-run to re-run the Integration Task.
    • Stop Schedule: The Stop Schedule option will be displayed only for API Integrations set to run on a scheduled basis. Click Stop Schedule to cancel the scheduled run of the API Integration. The Execution Status for the API Integration will be set to Stopped, and the Re-run option will become enabled for the API Integration.
  • Filter by: If desired, use the following options to filter Integrations listed in the table:
    • Integration: Use this option to filter Integrations by name based on the entered search term.
    • Created: Use this option to filter Integrations based on whether they were created during the selected time interval or specified date range.
    • Vendor: Use this option to filter Integrations by the selected vendor(s).
    • Type: Use this option to filter Integrations by the selected Integration type(s).
    • Configuration Status: Use this option to filter Integrations by the selected Integration configuration status(es).
    • Execution Status: Use this option to filter Integrations by the selected Integration Task execution status(es).
    • Frequency: Use this option to filter Integrations by one or more selected Integration Task execution frequencies.
    • Last Run: Use this option to filter Integrations based on whether the latest execution of their Integration Task occurred during the selected time interval or specified date range.
  • Create Integration: Click this button to create an Integration.

Business Assets

Business Assets represent something of value, such as revenue, data records, or custom assets, that can be the target of a cyberattack.

On the Configuration screen (Figure 3), click the Setup button on the Business Assets card. The Business Assets screen will be displayed (Figure 8).

  • Business Asset: This column displays the Business Asset’s name.
  • Business Asset Type: This column displays the Business Asset’s type.
  • Applied to: This column displays the Applications to which the Business Asset is applied. When a Business Asset is applied to multiple Applications, a See All link will be displayed following the first Application’s name. Click See All to display the Applications window and view the name, type, and description of each Application to which the Business Asset is applied.
  • Created: This column displays the date and time when the Business Asset was created.
  • Updated: This column displays the date and time when the Business Asset was last updated. If the Business Asset has not been updated, a value of N/A will be displayed.
  • Status: This column displays the Business Asset’s status. Possible statuses include the following:
    • Complete: This status is assigned to fully configured Business Assets.
    • Draft: This status is assigned to Business Assets that are not fully configured.
  • Actions: Click Edit to edit the Business Asset.
  • Filter by: If desired, use the following options to filter Business Assets listed in the table:
    • Business Asset: Use this option to filter Business Assets by name based on the entered search term.
    • Business Asset Type: Use this option to filter Business Assets by the selected Business Asset type(s).
    • Applied to: Use this option to filter Business Assets by the name of the Applications to which they are applied based on the entered search term.
    • Status: Use this option to filter Business Assets by the selected Business Asset status(es).
  • Create Business Asset Profile: Click this button to create a Business Asset.

Endpoint Profile

Endpoint Profiles are patterns of server and endpoint configurations found across a Legal Entity. After you successfully execute an Integration Task, the Endpoint Profile configuration will be marked as complete automatically (Figure 9).

Click the Setup button on the Endpoint Profile card to display the Endpoint Profiles screen (Figure 10).

  • Endpoint Profile: The Endpoint Profile’s name. When an Endpoint Profile is created, its name will match the Integration to which it corresponds.
  • Created: The date and time when the Endpoint Profile was created.
  • Updated: The date and time when the Endpoint Profile was last updated. If the Endpoint Profile has not been updated, a value of N/A will be displayed.
  • Actions: Click Edit to edit the Endpoint Profile. See the “Editing an Endpoint Profile” section for instructions on how to edit an Endpoint Profile.

Editing an Endpoint Profile

On the Endpoint Profiles screen (Figure 10), click Edit in the Actions column for an Endpoint Profile. The Edit Endpoint Profile screen will be displayed (Figure 11).

  • Endpoint Profile Name: By default, this field is populated with the name of the Integration corresponding to the Endpoint Profile. Click in the box to edit the name, if desired.
    Note
    The only option you can edit for an Endpoint Profile is its name.
  • Target Endpoints Count: This section displays the number of target endpoints with vulnerabilities based on data ingested from scans conducted via an Integration Task.
  • Target Endpoints Distribution by Operating System: This section displays the number of target endpoints with vulnerabilities broken down by operating system (OS). This information, which is based on data ingested from scans conducted via an Integration Task, is displayed in a table format and a doughnut chart. Hovering over a chart element will display a window with additional details about the chart element.
  • If you updated the Endpoint Profile’s name, click the Update button to save the changes.

ThreatConnect® is a registered trademark of ThreatConnect, Inc.
Qualys® is a registered trademark of Qualys, Inc.
Rapid7® is a registered trademark of Rapid7 LLC.
Archer® is a registered trademark of RSA Security LLC.
SecurityScorecard® is a registered trademark of SecurityScorecard, Inc.
SureCloud® is a registered trademark of SureCloud Limited.
Tenable® is a registered trademark of Tenable, Inc.

20136-01 v.01.A

