Skip to main content

Outcomes NavigatorOutcomes Navigator Guide

Use Case Coverage Score

Quickly understand the efficacy of your configuration in protecting against Exabeam use cases.

The Use Case Coverage Score is a metric of how well your environment is configured to protect against use cases, also known as your environment's coverage. At a glance, you can summarize the strength of your protection without analyzing the numbers and details yourself.

The Use Case Coverage Score may describe all use cases or a specific use case.

Overall Use Case Coverage Score

The overall Use Case Coverage Score is a metric of how well your environment is configured to protect against all use cases across the board.

The score is the average Use Case Coverage Score across all unhidden use cases. The average is calculated by:

Equation 1. 
A=SNA=\frac{S}{N}


where A is the average, S is the sum of all Use Case Coverage Scores across all unhidden use cases, and N is the total number of all unhidden use cases.

The overall Use Case Coverage Score is calculated once per day.

You can view your overall Use Case Coverage Score, when it was last calculated, and a chart depicting trends in the score over a one-month, three-month, or six-month period in a summary of your use case coverage.

If the chart depicts the overall Use Case Coverage Score over a one-month period, each bar represents the average overall Use Case Coverage Score for a given a week. This average is calculated by:

Equation 2. 
A=SNA=\frac{S}{N}


where A is the average Use Case Coverage Score for a given week, S is the sum of daily overall Use Case Coverage Scores calculated in the week, and N is the number of times the daily overall Use Case Coverage Score has been calculated in a given week.

If the chart depicts the overall Use Case Coverage Score over a three-month or six-month period, each bar represents the average overall Use Case Coverage Score for a given month. This average is calculated by:

Equation 3. 
A=SNA=\frac{S}{N}


where A is the average Use Case Coverage Score for a given month, S is the sum of weekly overall Use Case Coverage Scores calculated in the month, and N is the number of times the weekly overall Use Case Coverage Score has been calculated in a given month.

Use Case Coverage Score for a Specific Use Case

The Use Case Coverage Score for a specific use case is a metric of how well your environment as a whole is configured to protect against a specific use case.

For a given use case, the score aggregates the coverage scores of all Exabeam applications and features Outcomes Navigator assesses, including Advanced Analytics rules, correlation rules, analytics rules, and Dashboards. Your score for a given use case is a weighted average of coverage scores across all Exabeam applications and features.

The weight of each Exabeam application or feature is determined by the count of Exabeam features. The weight of a given Exabeam application or feature is calculated by:

Equation 4. 
W=NTW=\frac{N}{T}


where W is the weight of a given Exabeam application or feature; N is the number of the Exabeam feature in question, for example, 50 analytics rules or 25 dashboards; and T is the total number of Exabeam features across all Exabeam applications.

The average is calculated by:

Equation 5. 
A=(SAWA)+(SBWB)+(SCWC)A=\left(SA\cdot WA\right)+\left(SB\cdot WB\right)+\left(SC\cdot WC\right)


where A is the average; SA, SB, and SC are the coverage scores of Exabeam applications or features A, B, and C, respectively, for a given use case; and WA, WB, and WC are the weights of Exabeam applications or features A, B, and C, respectively.

Because the Use Case Coverage Score is based on the amount and quality of data, the best way to improve your score is to configure a wider variety of relevant products and ensure the values in the logs from those products are fully extracted. Follow recommendations to improve your Use Case Coverage Score directly in Outcomes Navigator. You can view recommendations only if you have a license that includes Advanced Analytics.