- Get Started with Outcomes Navigator
- Use Outcomes Navigator from a MITRE ATT&CK® Perspective
- Use Outcomes Navigator from a Threat Detection, Investigation, and Response (TDIR) Use Case Categories Perspective
- View Recommendations for Improving Your Configuration
- Share Information in Outcomes Navigator
- Outcomes Navigator Coverage Calculation
- Outcomes Navigator Parser Calibration Tier Average Calculation
Use Case Coverage Score
Quickly understand the efficacy of your configuration in protecting against an Exabeam use case.
The Use Case Coverage Score is a metric of how well your environment as a whole is configured to protect against a use case, also known as your environment's coverage. At a glance, you can summarize the strength of your protection without analyzing the numbers and details yourself.
The Use Case Coverage Score aggregates the coverage levels of all Exabeam applications or features Outcomes Navigator assesses, including Advanced Analytics rules, Correlation Rules, and Dashboards. Your score for a given use case is determined by the percentage of possible parsed fields across all Exabeam applications or features that your environment actively parses:
Best – Your environment actively parses 75 to 100 percent of all possible parsed fields relevant to the use case.
Better – Your environment actively parses 50 to 74 percent of all possible parsed fields relevant to the use case.
Good – Your environment actively parses one to 49 percent of all possible fields relevant to the use case.
None – Your environment doesn't parse any fields relevant to the use case.
To determine the fields your environment actively parses across all Exabeam applications or features for a given use case, Outcomes Navigator takes the union of all possible parsed fields across Exabeam applications or features and compares it to the fields your environment actively parses for the use case.
The percentage is calculated by:
where P is the percentage, AF is the number of fields your environment actively parses across all Exabeam applications or features for the use case, and TF is the number of fields in the union of all possible parsed fields across Exabeam applications or features for the use case.
Since the Use Case Coverage Score is based on the amount and quality of data, the best way to improve your score is to configure a wider variety of relevant products and ensure the values in the logs from those products are fully extracted. Follow recommendations to improve your Use Case Coverage Score directly in Outcomes Navigator.