In this article:
Rule Builder is available with a paid SecurityScorecard plan. See our plans page for more information about levels of features and access.
How Rule Builder works
You configure rules to trigger actions in response to events in specific Scorecards, such as a score change or breach. We detect Scorecard events on a daily basis.
For example, you create a rule that alerts you every time a new high-severity issue appears in a given portfolio.
Build a rule for any use case
Your rules can help your team respond to any specific use case, such as the following:
Set score standards for a portfolio
Alert your team to investigate if a portfolio Scorecard falls below a minimum score threshold.
Example: If one of my Tier 1 vendors drops below a B, notify me so that I can take appropriate
action.
Automatically share reports
Share a report in Reporting Center when a Scorecard event occurs, so that the appropriate team or business unit is automatically notified that a vendor is out of compliance with security standards.
Example: When a company we work with is breached, share a Summary Report with the business unit responsible for maintaining the vendor relationship.
Automatically move a Scorecard to a portfolio
Automatically move a Scorecard to another portfolio if it meets certain conditions, so that you and your team know which Scorecards require review or action every time you log into the platform
Examples:
- When a Scorecard drops below a B, move the Scorecard to an At Risk portfolio for deeper investigation.
- When a company we work with is breached, move the Scorecard to a Breaches portfolio so that we can easily report on all breached vendors.
- When a new high-severity issue is detected on a Tier 1 vendor scorecard, move the Scorecard to a Needs Review portfolio, so that we can quickly identify and address issues that need to be fixed.
Set up a rule
- In SecurityScorecard, click your profile avatar in the top-right corner, and select My Settings.
- Select the Rules tab in the My Settings panel.
- Click Create Rule.
- Name your rule
- Select an event to trigger an action.
- Select Scorecards to apply the rule to.
- Select the action to automate when the event occurs.
- Optional: Click the Priority checkbox if you want rule notifications to appear in the Prioritized section of your platform Notifications.
- Save and view your rule and last triggered date.
Afterward, each new occurrence of your selected event triggers your selected action.
Understand Scorecard events
Learn how different events work so that you can pair them with actions.
Event | Description |
New issue by app signal | A signal from one of our partners, such as:
|
New issue by severity level | A new score-impacting issue with a high, medium, or low severity level |
New issue by issue type | A finding for a specific issue type, such as:
|
Overall letter grade change |
A rise or drop in a Scorecard's overall letter grade against a certain threshold, such as:
|
Overall numeric score change |
A rise or drop in a Scorecard's overall numeric score against a certain threshold, such as:
|
Overall numeric score change by percentage |
A rise or drop in a Scorecard's overall numeric score by percentage, such as:
|
Factor letter grade change |
A rise or drop in a factor letter grade against a certain threshold, such as:
|
Factor numeric score change |
A rise or drop in a factor's numeric score against a certain threshold, such as:
|
Factor numeric score change by percentage |
A rise or drop in a Scorecard's factor numeric score by percentage, such as:
|
Understand rule actions
Learn how actions work so that you can create the best response to an event.
Action | Description |
Add to portfolio |
Copy the affected Scorecard to another portfolio while also keeping it in the original portfolio. As the owner of the rule, you receive a notification of the event in the Daily Digest email and in the Notifications section of the platform. |
Remove from portfolio | Remove the affected Scorecard from a specified portfolio. |
Share report |
Generate a Summary or Detailed report in Report Center and email a notification of its availability to a specified address. As the owner of the rule, you receive a notification of the event in the Daily Digest email and in the Notifications section of the platform. |
Send alert (Only available to SSC administrators) |
Email an alert yourself or a teammate. In the latter case, as the owner of the rule, you receive a notification of the event in the Daily Digest email and in the Notifications section of the platform. |
Send questionnaire |
Specify an Atlas questionnaire to send to the affected Scorecards. As the owner of the rule, you receive a notification of the event in the Daily Digest email and in the Notifications section of the platform. |
Send a web request |
Use webhooks to generate automated messages sent from apps. |
Use an action from a partner app or integration |
Specify an action from an app or integration that you install from Integrate360° Marketplace, such as: |
FAQ
How do I turn off email notifications?
You can opt-out of receiving email notifications at any time by turning off the “Email Me Daily Updates” toggle in the Alerts section of the platform.
Are there any known limitations with Rule Builder?
- Currently, there is a maximum limit of 25 rules that can be created for any one user logged into the platform.
- Rule notifications are limited to Scorecards of registered domain names and will not trigger for Custom Scorecards as scoring events are not available for Custom Scorecards.