Risk Scores in the Exabeam Security Operations Portfolio and Fusion Licenses
Learn how risk scores are calculated with the Exabeam Security Operations portfolio and Fusion licenses.
With the Exabeam Security Operations portfolio and Fusion licenses, the risk score is calculated based on Advanced Analytics risk scores and correlation rule severity.
A case or alert risk score is the sum of its detection risk scores. By default, the case or alert risk score determines the alert or case priority:
- Critical – The risk score is greater than or equal to 75.
- High – The risk score is less than 75 and greater than or equal to 50.
- Medium – The risk score is less than 50 and greater than or equal to 25.
- Low – The risk score is less than 25.
If you change the alert or case priority, the risk score remains the same.
A correlation rule detection risk score is determined by the correlation rule severity:
- Critical – The detection is assigned a risk score of 100.
- High – The detection is assigned a risk score of 75.
- Medium – The detection is assigned a risk score of 50.
- Low – The detection is assigned a risk score of 25.
- None – The detection is assigned a risk score of zero.
An Advanced Analytics detection risk score is the sum of the risk scores of the associated triggered rules.
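The scoring rules above, worked through as an added example (not Exabeam code). It shows that scores are additive, so two Low correlation rule detections already produce a High case, and that a manual priority change leaves the score untouched. The `Detection` and `Case` types and their field names are hypothetical, the sample scores are constructed, and no upper bound is applied to the sum because the page does not state one.

```python
from dataclasses import dataclass
from typing import List, Optional

# Correlation rule severity -> detection risk score, as listed on this page.
SEVERITY_SCORE = {"critical": 100, "high": 75, "medium": 50, "low": 25, "none": 0}
# Default priority floors from this page, highest first; below 25 is Low.
PRIORITY_FLOORS = [(75, "Critical"), (50, "High"), (25, "Medium")]


@dataclass
class Detection:
    """Hypothetical record; field names are not the product's schema."""
    source: str                                        # "correlation_rule" or "advanced_analytics"
    severity: Optional[str] = None                     # used by correlation rule detections
    triggered_rule_scores: Optional[List[int]] = None  # used by Advanced Analytics detections


def detection_risk_score(d: Detection) -> int:
    if d.source == "correlation_rule":
        key = (d.severity or "").lower()
        if key not in SEVERITY_SCORE:
            raise ValueError(f"unknown correlation rule severity: {d.severity!r}")
        return SEVERITY_SCORE[key]
    if d.source == "advanced_analytics":
        # Sum of the associated triggered rule risk scores.
        return sum(d.triggered_rule_scores or [])
    raise ValueError(f"unknown detection source: {d.source!r}")


def default_priority(score: int) -> str:
    for floor, label in PRIORITY_FLOORS:
        if score >= floor:
            return label
    return "Low"


@dataclass
class Case:
    detections: List[Detection]
    priority_override: Optional[str] = None  # analyst-set priority, if any

    @property
    def risk_score(self) -> int:
        # Sum of detection risk scores; assumption: no cap, the page states none.
        return sum(detection_risk_score(d) for d in self.detections)

    @property
    def priority(self) -> str:
        # Changing the priority never feeds back into the risk score.
        return self.priority_override or default_priority(self.risk_score)
```

When triaging by priority, keep the additive behaviour in mind: a case with several low-scoring detections can outrank a case with one Medium detection.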