About the Incident Scoring Rules Page

To access this page, select Configure > Insights > Incident Scoring Rules.

Use incident scoring rules to score the risk of an incident by verifying that the indicators of compromise are already blocked from execution or mitigated by other events that contributed toward this incident. Rules comprise the following elements:

  • Condition—The only matching condition available for any field type is mitigated by another event.

  • Action—An action is a response to an incident. You can raise or lower the severity, set the severity value, or skip the remaining rules.
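How a condition, a match setting, and an action can combine when rules are applied in order is sketched below. This is an added example, not code from the product: the rule and incident layout, the field names, the 1-10 severity range, and the top-to-bottom evaluation order are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Illustrative model only: the field names, the 1-10 severity range and the
# rule/incident layout are assumptions, not the product's schema.
@dataclass
class Rule:
    name: str
    fields: list         # indicator fields the condition is tested on
    match: str           # "any" or "all"
    action: str          # "raise", "lower", "set" or "skip"
    value: int = 1       # step for raise/lower, target severity for set
    enabled: bool = True

def mitigated(incident, field):
    """True if an event in the incident shows this indicator was blocked."""
    indicator = incident["indicators"].get(field)
    return indicator is not None and any(
        e["indicator"] == indicator and e["blocked"] for e in incident["events"])

def score(incident, rules):
    """Apply enabled rules in order; return (severity, names of rules that fired)."""
    severity, fired = incident["severity"], []
    for rule in (r for r in rules if r.enabled):
        results = [mitigated(incident, f) for f in rule.fields]
        if not (all(results) if rule.match == "all" else any(results)):
            continue
        fired.append(rule.name)
        if rule.action == "skip":
            break                      # remaining rules are not evaluated
        step = {"raise": rule.value, "lower": -rule.value}
        severity = rule.value if rule.action == "set" else severity + step[rule.action]
        severity = max(1, min(10, severity))
    return severity, fired

# Constructed sample data: the file hash was blocked, the source IP was not.
INCIDENT = {
    "severity": 8,
    "indicators": {"file_hash": "hash-A", "src_ip": "192.0.2.10"},
    "events": [{"indicator": "hash-A", "blocked": True},
               {"indicator": "192.0.2.10", "blocked": False}],
}
RULES = [
    Rule("disabled-rule", ["file_hash"], "any", "set", 1, enabled=False),
    Rule("hash-blocked", ["file_hash"], "any", "lower", 3),
    Rule("all-blocked", ["file_hash", "src_ip"], "all", "set", 1),
    Rule("stop-here", ["src_ip", "file_hash"], "any", "skip"),
    Rule("never-reached", ["file_hash"], "any", "raise", 5),
]
```

With the sample data, `score(INCIDENT, RULES)` lowers the severity from 8 to 5: the disabled rule is ignored, the match-all rule fails because the source IP was not blocked, and the skip action stops evaluation before the last rule.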

Tasks You Can Perform

You can perform the following tasks from the Incident Scoring Rules page:

Field Descriptions

Table 1 provides guidelines on using the fields on the Incident Scoring Rules page.

Table 1: Fields on the Incident Scoring Rules Page

| Field | Description |
|---|---|
| Rule Name | Specifies the name of the rule. |
| Rule Description | Specifies the condition applied for the rule. |
| Match Any/All Rules | Specifies the match criteria set for the rule. |
| Actions | Specifies the action to be taken when the condition of a rule is met. |
| Status | Specifies the status of the rule, whether enabled or disabled. |