Incident Scoring Rules Overview

Use incident scoring rules to score the risk of an incident by verifying that the indicators of compromise are already blocked from execution or mitigated by other events that contributed toward this incident. Rules comprise the following elements:

  • Condition—The matching conditions available for any field type are "mitigated by another event" and "not mitigated by another event".

  • Action—An action is a response to an incident. You can raise or lower the severity, set the severity value, or skip the remaining rules.

To access this page, select Juniper Security Director Cloud > Shared Services > Insights > <Rules> Incident Scoring Rules.

Field Descriptions

Table 1: Fields on the Incident Scoring Rules Page

| Field | Description |
|---|---|
| Rule Name | Specifies the name of the rule. |
| Rule Description | Specifies the condition applied for the rule. |
| Match Any/All Rules | Specifies the match criteria set for the rule. |
| Actions | Specifies the action to be taken when the condition of a rule is met. |
| Status | Specifies the status of the rule, whether enabled or disabled. |
| Enable or Disable | Click to enable or disable an incident scoring rule. |