In order to represent the overall risk of an organization in a mathematically fair way, risk index is calculated using the risk scores of a sample asset set. High-risk assets have higher weight in the calculation algorithm. If the company has high-risk assets but also medium or low-level assets, resolving medium or low-level events will have small impact on risk index. Therefore, it is recommended to handle high-risk events associated with high-risk assets first which will significantly reduce risk index.

Currently, there is no option to directly close low-risk level threat detections in the UI. While these events pose minimal risk and do not require immediate attention, you may still prefer to close them. If risk index is over 30, these low-risk events will have little impact on their overall risk index. If you wish to close low-severity events, contact Trend Micro Support to help to remove it from backend. It is important to note that this only applies to events that have already been generated. If a similar low-risk event is detected by Trend Vision One in the future, it may generate a new event. Trend Micro is working to implement a close function for all events in the future.

If a user takes actions in Risk Insights UI which may impact risk index, closing some risk events for example, Risk Insights will re-calculate the risk index as soon as possible to reflect the changes. Otherwise, it is generally re-calculated every 4 hours.

To answer this question, refer to the whitepaper article, More than a number: your risk score explained and recent Risk Index Algorithm Updates.