Trust Score Settings

An overview of Trust Score Settings

  • Updated on May 21, 2024
  • 4 minutes to read
  • Contributors

Set Trust Level Expiration

If a device does not submit its Trust Factors for the specified numbers of hours, the Cloud Secure Edge (CSE) cannot compute an up-to-date Trust Level and so automatically sets the device’s Trust Level to Always Deny.

In the Command Center, navigate from Settings > Banyan Client > Trust, and set the number of hours before devices’ Trust Levels expire.

Note: By default, Trust Level Expiration is set to ‘0’. If the Trust Level expiration is left at this default value (i.e., 0), then the associated devices’ Trust Levels will never expire.

Configure API Override Factors

CSE always enforces the strictest allowed Trust Level. For example, if the external factor is AlwaysDeny but the Trust Level is Low, the AlwaysDeny will be enforced.

Using the Set Max Trust Level endpoint, you can seamlessly incorporate external factors (such as third-party SEIM or other security monitoring tools) to influence a device’s Trust Level in real time.

Simply configure your third-party tool to POST /set_max_trust_level, including the query parameter (Email or SerialNumber) that needs to be updated. For the request headers, include the Authorization: Bearer $AUTHTOKEN and ContentType: application/json. This json payload includes the Level (AlwaysDeny, Low, Medium, High, AlwaysAllow), Reason (explanation displayed to the admin in the Command Center and to the end user in the CSE app), and ExtSource (name of the external source, such as CarbonBlack, CrowdStrike, etc.)

The example json below shows a payload sent from CarbonBlack to CSE after discovering malware associated with a user and/or device.

{
    "Level": "AlwaysDeny",
    "Reason": "Known malware MWS-2019-9842 detected on device - quarantine action taken.",
    "ExtSource": "CarbonBlack"
}

In this example, the Trust Level automatically drops to Always Deny and the device cannot access CSE-protected resources.