Security Policy Guide 24.4

The PCE displays V-E scores in the UI based on ransomware and vulnerability statistics it previously calculated and stored in a database.

If the stored data is stale (4 hours or older), the PCE recalculates the statistics and updates the V-E scores in the UI.

Toggling the Full Enforcement/Visibility Only options provides a side-by-side comparison of the effect of the different enforcement modes.

Because the PCE calculates and re-checks for new data periodically, the information in the UI may not immediately reflect the current V-E score.

API responses include the complete vulnerability data set for the different enforcement modes. V-E data for all modes is pre-processed and stored in a database to eliminate the performance impact that would result from frequent recalculation.

A V-E score is the calculated value based on the Vulnerability Score and Exposure Score = ∑ f (VS, ES). It can be shown for an individual vulnerability on a port for a single workload or as a summation of all the V-E Scores for an App Group, role, or workload.

Full Enforcement / Visibility Only V-E Score: Depending on the item's current enforcement mode, this column matches the Current V-E Score column or changes to show a different V-E score obtainable if the actual enforcement mode were changed.

Current V-E Score: The most recently calculated V-E score of the workload.