Ignoring Malware from Toxic Combinations

When CloudGuard calculates the Risk Score for a Toxic Combination, CloudGuard considers malware families it identifies in your cloud assets. You can configure CloudGuard to ignore a specific malware family from the Toxic Combinations calculation for an Entity, Organizational Unit, or Environment. Ignore a malware family if you do not want to focus on it in your investigation. After you ignore a malware family, CloudGuard may assign a lower risk score to a Toxic Combination or remove it from the Toxic Combinations table.

  1. From the left menu, go to Risk Management > Toxic Combinations.

  2. Select a Toxic Combination.

    A sliding window opens.

  3. In the sliding window, expand the Vulnerabilities section.

  4. To the right of the relevant malware family, click Ignore.

    The New Malware Ignore Item window opens.

  5. Optional - Enter or edit one or more of these attributes of the Malware Ignore Item:

    • Name

    • Description

    • Expiration Date - By default, the Malware Ignore Item is permanent.

    Note - The Malware IDs section and the Vulnerable Entity section are filled automatically. To add more malware families or entities to the Malware Ignore Item, see To ignore one or more malware families from Toxic Combinations for multiple entities.

  6. Click Save.

  1. From the left menu, go to Risk Management > Toxic Combinations.

  2. Click Malware Ignore List.

  3. Click Add.

    The New Malware Ignore Item window opens.

  4. Enter a name for the Malware Ignore Item.

  5. Optional - Enter or edit one or more of these attributes of the Malware Ignore Item:

    • Description

    • Expiration Date - By default, the Malware Ignore Item is permanent.

  6. In the Malware Details section, click the + (plus sign) button.

  7. Enter the relevant Malware ID for the malware family.

  8. Optional - Add more malware IDs to the Malware Ignore Item.

  9. In the Vulnerable Entity section, select where to ignore the malware:

    • To ignore the malware from all entities in one or more Organizational Units, select Organizational Unit and enter the names of the Organizational Unit(s).

    • To ignore the malware from all entities in one or more Environments, select Environment and enter the names of the Environment(s).

    • To ignore the malware from one or more specific entities, select Entity Name or Entity ID and enter the names or IDs of one or more Entities.

  10. Click Save.

  1. From the left menu, expand Risk Management > expand Toxic Combinations.

  2. Click Malware Ignore List.

  3. Click the name of the Malware Ignore Item.

    A sliding window opens.

  4. Edit the Malware Ignore Item.

  5. Click Save.

  1. From the left menu, go to Risk Management > Toxic Combinations.

  2. Click Malware Ignore List.

  3. Select the checkbox to the left of the name of the Malware Ignore Item.

  4. Click Delete.

  5. In the confirmation window, click Delete.