Creating an Equation

Admins can create an equation that can be leveraged by a priority to produce a custom score. The process for creating an equation consists of two major steps:

Equation Properties: The tab in which the name, description, and (when applicable) what clients the equation applies to are entered.
Equation Builder: The tab where the user selects and configures the variables of the equation that determines the contextual score.

Part 1: Equation Properties Tab

Step 1: From the Admin Dashboard, click Contextual scoring.

Step 2: Click Create Equation.

Step 3: Select if starting from the tenant default priority equation or another equation. When finished, click Create.

Step 4: On the "Edit basic information" tab, enter an equation name and description.

If priorities are configured for all tenants, client-specific configuration options will not appear and users will proceed to Step 9.

Step 5: Identify if the equation will apply to all clients in the tenancy that currently have no equation assigned or if this will apply to a specific client.

If this equation applies to all clients, skip to Step 9.

Step 6: If client-specific, click Select clients and search, scroll, or use filter options to find the desired client.

Step 7: Click Select.

Step 8: Click Save at the bottom right of the page.

Step 9: Click Continue at the bottom right of the page.

The "Edit variables and equation" second tab appears, which is the equation builder tab.

Part 2: Equation Builder Tab

The equation builder tab consists of three sections/boxes:

Box 1 - Score Equation: This box displays the current equation and allows users to modify it by dragging variables on/off the box.

Box 2 - Available Equation Variables: This box lists the available variables that can be leveraged to update the current equation shown in Box 1.

Box 3 - Variable Configuration: When a variable in Box 1 is clicked or selected from the pulldown menu at the top of Box 3, this box provides further details that can be used to define how the variable is utilized in the equation. These details include additional properties and business rules.

Possible Equation Variables

The screenshot below captures all of the variables available to be used in a priority equation:

The list of possible variables is the same for all equations, although their location in Box 1 and Box 2 may differ by equation.

The equation displayed in Box 1 and the set of variables in Box 2 when creating an equation are dictated initially by the choice to build the equation from the default or an existing equation.

Equation Weight

The total equation weight must always equal 100%. The current allocation is listed above the equation.

Variable weights can be edited either directly in the box of the variable are in Box 3 on the right of the page in the "Variable weight" section.

To calculate the score for each variable in the equation, multiply the weight of the variable by the highest rule score and then divide the result by 100. For instance, if the weight of a variable is 50% and the highest rule score is 90, the score for that variable would be 50 * (90/100) = 45.

If the total allocation for variables does not equal 100%, the total equation weight value in Box 1 will turn red to indicate an error, and an error message will appear if attempting to save the equation.

Variables can be included with an assigned 0% weight, but these will be ignored in the equation and have the same result as not existing in the equation at all.

Resetting to Default

PlexTrac provides a default equation out of the box that cannot be deleted, although it can be edited. This equation becomes the tenant default that can be used as a template or starting point to create additional equations.

Any other equation can be reset to that default equation at any time by clicking the kebob menu in the box of the equation and clicking Reset to default PlexTrac equation.

Equation Use Cases

Many variables and scenarios are possible with the equation builder. Below are a few examples that cover various aspects of the functionality that demonstrate the multiple ways equations can be leveraged to specific client or tenant needs.

When configuring an equation, any errors will not be visible until the user clicks Save. After that initial action, however, error messages are provided dynamically as the equation is worked on.

Adding a Variable

Scenario: The user needs to add an asset type of "Server" to an existing equation.

Step 1: Click the Asset type variable in Box 2 (Available Equation Variables), drag it up to Box 1 directly above and place it in the equation.

Step 2: Click Save. An error notification appears both in the equation and as a message because an operator variable is needed between the variables Asset type and Asset criticality.

All field variables need to be separated by an operator.

Step 3: Click the operator variable in Box 2, drag it to Box 1, and place it where the error notification was displayed between the variables Asset type and Asset criticality.

The error is resolved, and the message disappears.

Step 4: The next step is to set the variable attribute with the correct value. Click the Asset type variable or select it from the pulldown menu in Box 3.

Step 5: Select the "Sever" asset type value from the pulldown menu for Rule 1.

Step 6: The next step is to give Asset type some weight to the equation, or else it will be ignored, as all added variables default to 0%. Change the "Variable weight" value to 10%. The variable in the equation will dynamically update.

Step 7: Identify how many points the variable will receive if the business rule is met by adding 75 to the "out of 100" box at the bottom of the rule.

Step 8: Since the total equation weight is now over 100% with the new variable being updated to 10%, another variable must be reduced to compensate. Note that the total equation weight is currently at 110% and in red, denoting an error. An error message is also provided.

Click Source data and change its weight from 80% to 70% so that the total of all four variables equals 100%.

Step 9: The equation is now ready to be executed. Click Save.

Removing a Variable

Scenario: The user must remove the CVSS 3.1 score from an existing equation.

Step 1: Click Finding score (CVSS 3.1)in Box 1, drag it to Box 2, and unclick the mouse.

The equation no longer includes that variable, and CVSS 3.1 is now listed as available in Box 2.

Step 2: Because the total equation weight must equal 100% and 10% of that weight was removed in Step 1, the remaining variables must be adjusted to compensate. Click Source data, and add 10% to the existing set weight so that it is increased from 70% to 80%.

Step 3: The next step is to remove an operator variable, as an equation cannot end with an empty operator.

Select the operator at the end of the formula, drag it to Box 2 and release. The error message disappears.

Step 4: Click Save.

Editing a Business Rule

Scenario: The user needs to add a business rule to account for files from Snyk.

Step 1: Click Source data on the equation.

Step 2: All business rules and parameters for Source data appear in Box 3 on the far right of the page. Currently, a business rule only exists for HackerOne. Click Add rule.

Step 3: Working now under Rule 2, select the source data value "is added from integrations" from the pulldown menu.

Step 3: Select "Snyk" as the integration source in the following pulldown menu.

Step 4: Give Rule 2 a weight of 45 out of 100 points.

Step 5: Click Save.

PreviousContextual Scoring NextManaging Equations

Last updated 1 day ago