With release 2.4, SAP Enterprise Threat Detection introduced the patch risk score in its application system monitoring. The patch risk score has the purpose of drawing attention to missing security notes and helps the administrator in assessing the risk situation in your system landscape at a glance. Calculated based on the CVSS Base Scores, the patch risk score indicates how vulnerable your systems are due to missing security notes.
As administrator, you can view the score for a specific system in the System Monitoring app:
The app also shows which security notes are missing and whether corrections can be implemented by applying the note or via a support package.
You can call up the relevant security notes directly from the UI using the links provided.
When you open the System Monitoring app, the patch risk scores of the systems connected to SAP Enterprise Threat Detection are displayed aggregated by system role (for example "Production"). This allows you to assess the risk on an aggregated level first. In case of high vulnerability, you can drill down to the affected systems and take preventive actions.
To assign systems to system roles according to your company's system landscape, you can use the System Administration app.
Thus, using System Monitoring app with its Patch Risk Score, system administrators can right away see potential vulnerabilities in their system landscape and identify a system requiring immediately patching.
For more information regarding above functionality please refer to
link.
You will find more about SAP Enterprise Threat Detection on
community page.
I am looking forward to your feedback.