Threat Center Risk Score
Quickly understand the risk level of a detection, alert, or case.
A risk score is a measure of how risky a detection, alert, or case is. At a glance, you can better prioritize your efforts and decide whether you should spend time and resources on a case or alert.
The risk score of an alert or case is the sum of the risk scores of its detections. By default, the alert or case risk score determines the alert or case priority:
Critical – The risk score is greater than or equal to 75.
High – The risk score is less than 75 and greater than or equal to 50.
Medium – The risk score is less than 50 and greater than or equal to 25.
Low – The risk score is less than 25.
If you change the alert or case priority, the risk score remains the same.
A correlation rule detection risk score is determined by the correlation rule severity:
Critical – The detection is assigned a risk score of 100.
High – The detection is assigned a risk score of 75.
Medium – The detection is assigned a risk score of 50.
Low – The detection is assigned a risk score of 25.
None – The detection is assigned a risk score of zero.
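The scoring rules above, worked through on a few alerts. This is an added example, not Exabeam code: the `Alert` class, `triage_queue` and the sample alerts are constructed for illustration, and it assumes every detection comes from a correlation rule and that the default priority mapping is in use.

```python
# Added illustration; class, function and field names are hypothetical, not Exabeam APIs.
from dataclasses import dataclass
from typing import List, Optional

# Correlation rule severity -> detection risk score (values from the page).
SEVERITY_SCORE = {"Critical": 100, "High": 75, "Medium": 50, "Low": 25, "None": 0}

# Default priority thresholds (lower bound inclusive), highest first.
PRIORITY_FLOORS = [("Critical", 75), ("High", 50), ("Medium", 25), ("Low", 0)]


@dataclass
class Alert:
    name: str
    severities: List[str]                  # severity of each correlation rule detection
    manual_priority: Optional[str] = None  # analyst override, if any

    @property
    def risk_score(self) -> int:
        # Sum of detection scores; an unknown severity raises KeyError
        # instead of being silently scored as zero.
        return sum(SEVERITY_SCORE[s] for s in self.severities)

    @property
    def default_priority(self) -> str:
        score = self.risk_score
        return next(p for p, floor in PRIORITY_FLOORS if score >= floor)

    @property
    def priority(self) -> str:
        # Changing the priority leaves the risk score untouched.
        return self.manual_priority or self.default_priority


def triage_queue(alerts):
    """Order alerts by effective priority, then by risk score, highest first."""
    rank = {p: i for i, (p, _) in enumerate(PRIORITY_FLOORS)}
    return sorted(alerts, key=lambda a: (rank[a.priority], -a.risk_score))


# Constructed sample alerts.
SAMPLE = [
    Alert("two-low", ["Low", "Low"]),                    # 50  -> High
    Alert("single-high", ["High"]),                      # 75  -> Critical
    Alert("informational", ["None", "None"]),            # 0   -> Low
    Alert("noisy", ["Low"] * 5, manual_priority="Low"),  # 125, priority overridden
    Alert("medium-only", ["Medium"]),                    # 50  -> High
]

if __name__ == "__main__":
    for a in triage_queue(SAMPLE):
        print(f"{a.name:14} score={a.risk_score:3} priority={a.priority}")
```

Under these defaults a single High-severity rule detection already yields a Critical alert, and two Low detections yield a High one, which is worth keeping in mind when assigning correlation rule severities.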