Risk Assessment
Overview and How It Works
The Risk Assessment feature in AutoRABIT Guard provides a comprehensive, real-time scan of your Salesforce org's security posture, enabling you to quickly identify and address vulnerabilities.
Features of Risk Assessment
Security Score
Get a clear, overall compliance score that reflects how well your org aligns with the security baseline. This score is based on the number of noncompliant settings, calculated using a simple formula in which each setting is treated equally.
Immediate Insights
Once you connect your Salesforce org, the Risk Assessment runs automatically, evaluating settings to ensure they align with the baseline and identifying those that need attention. This process requires no manual configuration by you.
Categorized Risks
Risks You Can Resolve Automatically: Items that can be fixed directly within AutoRABIT Guard by clicking the Auto Fix button.
Risks You Can Resolve Manually: Items requiring manual changes in your Salesforce org, with clear guidance provided for resolution.
Baseline Comparison
AutoRABIT Guard compares your Salesforce org’s security settings against a predefined baseline (Salesforce's Health Check or a custom XML, if configured). Any misaligned settings are highlighted as risks.
Centralized View
The Risk Assessment is a one-stop shop for monitoring your org’s alignment with security best practices.
How the Risk Assessment Works
Triggering the Scan
The Risk Assessment scan is triggered in real time whenever:
The Risk Assessment page is loaded.
A new Salesforce org is registered with Guard.
The page is refreshed, executing the scan again.
Where the Baseline Is Stored
The scan is always performed live, and the results are stored in memory, not in a database. The scan does not run on a schedule; it is executed when you actively view the page.
How the Baseline Is Determined
The baseline (or recommended values) for security settings comes from Salesforce's Health Check. Salesforce allows users to define custom baseline configurations by uploading an XML file. If no custom XML is uploaded, the default Salesforce Health Check baseline is used.
Example of a custom XML configuration:
<baseline name="SFDC recommended" developerName="SFDCRecommended">
  <highRiskSecuritySettings>
    <booleanSetting name="SessionSettings.lockSessionsToDomain" compliant="true" nonCompliant="critical"/>
    <numericRangeSetting name="FileUploadAndDownloadSecurity.hybridSecurityRiskFileTypes" compliant="0.0" warning="0.5"/>
  </highRiskSecuritySettings>
  <mediumRiskSecuritySettings>
    <booleanSetting name="PasswordPolicies.minOneDayPasswordLifetime" compliant="true" nonCompliant="critical"/>
  </mediumRiskSecuritySettings>
</baseline>
Customizing the Risk Assessment
Customers can configure the Risk Assessment by uploading a custom XML to Salesforce. For example, if a customer wishes to treat certain settings (like PasswordPolicies.minPasswordLength) as a warning rather than critical, they can modify the custom XML.
Auto-Resolve Functionality
Certain issues, like PasswordPolicies and SessionSettings, can be automatically resolved with a single click. These settings are updated via the Tooling API, not the SecurityHealthCheckRisks API.
Settings that can be auto-resolved:
Password Policies (e.g., min password length, max login attempts)
Session Settings (e.g., session timeout)
Other settings, like sharing settings or file upload configurations, require manual intervention because they involve more customer-specific decision-making.
Adding Custom Settings to the Risk Assessment
While customers cannot add their own custom settings, AutoRABIT has included two additional settings beyond the Salesforce Health Check. More settings may be added in future releases based on customer feedback and evolving use cases.
Understanding the Risk Assessment Score
The Risk Assessment feature calculates an overall score based on the number of settings that are noncompliant. The score is determined by the following formula:
Compliance Score = (Number of compliant settings) / (Total number of settings)
This score is a simple percentage, with no weighting applied to individual settings. In future releases, we may introduce weighted scoring for certain critical settings.
Why the Score May Differ from Salesforce Health Check
While the Risk Assessment is based on Salesforce Health Check, there are a few reasons the scores might differ:
We don’t use weighted scores, so each setting is treated equally.
The Risk Assessment includes additional settings that are not part of the Salesforce Health Check, which can affect the score.
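As an added worked example (not AutoRABIT Guard's own code), the following Python parses a baseline in the custom-XML format shown earlier, evaluates constructed org values against it, and computes the unweighted compliance score from the formula above. How the booleanSetting and numericRangeSetting attributes are compared is an assumption, and the sample baseline downgrades one setting to nonCompliant="warning" to illustrate the customization described under "Customizing the Risk Assessment".

```python
import xml.etree.ElementTree as ET

# Constructed baseline in the page's custom-XML format (sample data, not a real customer file).
BASELINE_XML = """<baseline name="SFDC recommended" developerName="SFDCRecommended">
  <highRiskSecuritySettings>
    <booleanSetting name="SessionSettings.lockSessionsToDomain" compliant="true" nonCompliant="critical"/>
    <numericRangeSetting name="FileUploadAndDownloadSecurity.hybridSecurityRiskFileTypes" compliant="0.0" warning="0.5"/>
  </highRiskSecuritySettings>
  <mediumRiskSecuritySettings>
    <booleanSetting name="PasswordPolicies.minOneDayPasswordLifetime" compliant="true" nonCompliant="warning"/>
  </mediumRiskSecuritySettings>
</baseline>"""

# Constructed org values as a live scan might read them (hypothetical sample data).
ORG_SETTINGS = {
    "SessionSettings.lockSessionsToDomain": "false",
    "FileUploadAndDownloadSecurity.hybridSecurityRiskFileTypes": "0.3",
    "PasswordPolicies.minOneDayPasswordLifetime": "true",
}

def evaluate_setting(elem, current):
    """Return 'compliant', 'warning' or 'critical' for one baseline element.
    Assumed semantics: a booleanSetting is compliant when the org value equals
    its 'compliant' attribute, otherwise its 'nonCompliant' severity applies;
    a numericRangeSetting is compliant when the value is <= 'compliant',
    'warning' when <= 'warning', and 'critical' above that."""
    if elem.tag == "booleanSetting":
        if current.lower() == elem.get("compliant").lower():
            return "compliant"
        return elem.get("nonCompliant", "critical")
    if elem.tag == "numericRangeSetting":
        value = float(current)
        if value <= float(elem.get("compliant")):
            return "compliant"
        if "warning" in elem.attrib and value <= float(elem.get("warning")):
            return "warning"
        return "critical"
    raise ValueError(f"unknown setting type {elem.tag}")

def assess(baseline_xml, org_settings):
    """Evaluate every baseline setting; return (rows, unweighted compliance score)."""
    root = ET.fromstring(baseline_xml)
    rows = [(e.get("name"), evaluate_setting(e, org_settings[e.get("name")]))
            for e in root.iter() if e.tag.endswith("Setting")]
    compliant = sum(1 for _, status in rows if status == "compliant")
    return rows, compliant / len(rows)  # each setting counts equally, no weighting

if __name__ == "__main__":
    for name, status in assess(BASELINE_XML, ORG_SETTINGS)[0]:
        print(f"{name}: {status}")
```

Because every setting carries the same weight, one noncompliant high-risk setting lowers the score exactly as much as one noncompliant medium-risk setting, which is the main reason this score can differ from Salesforce Health Check's.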
How to Use the Risk Assessment
Connect Your Salesforce Org
Once your Salesforce org is connected to AutoRABIT Guard, the Risk Assessment will automatically perform a scan.
Review the Results
The results are presented in an easy-to-read table with the following columns:
Setting: The security setting being evaluated (e.g., PasswordPolicies.minPasswordLength).
Category: The category the setting belongs to (e.g., password policies, session settings).
Recommended Value: The value that aligns with the security baseline.
Current Value in Org: The actual value currently set in your Salesforce org.
Status: Whether the setting meets the baseline or requires action.
Take Action
Auto-Fix Issues: Click the “Auto Fix” button to automatically resolve the issue.
Manual Fixes: Follow the provided guidance to make manual updates to your Salesforce org.
Reassess Anytime
You can re-run the Risk Assessment at any time to ensure your org remains aligned with the security baseline.
Why It Matters
The Risk Assessment helps you:
Quickly identify and resolve vulnerabilities: Address security risks before they become issues.
Maintain compliance with security best practices: Keep your Salesforce org secure and compliant.
Save time by automating fixes: Automatically resolve certain security issues with a single click.
Centralize all security insights: View all your security data in one place to simplify management and decision-making.
By using the Risk Assessment feature in AutoRABIT Guard, you ensure your Salesforce org remains secure and aligned with both Salesforce’s best practices and your organization’s security policies.