Adjust Analytics Rule Severity
To tune Threat Center case and alert risk scores, adjust the analytics rule severity.
Severity represents the severity of the threat that triggers an analytics rule.
Analytics rule severity is one of the business factors Threat Center uses to calculate a case or alert risk score. Each severity, from low to critical, has a corresponding weight that reduces or increases the risk score. The none severity doesn't affect risk scoring and can be used to test the analytics rule. When Threat Center calculates a risk score, it considers the highest severity of all analytics rules associated with detections grouped under the case or alert.
When Exabeam delivers updates to pre-built analytics rules, the severity you assign to the pre-built analytics rule persists.
In the Analytics Rules tab, select the analytics rules for which you're adjusting the severity:
To select a single analytics rule, click the More menu, right-click the analytics rule, or select the checkbox for the analytics rule, then select Adjust Severity.
To select specific analytics rules, select the checkbox for each rule, then select Adjust Severity.
To select all analytics rules in the list, click the checkbox in the header row, then select Adjust Severity.
Select the severity of the analytics rules:
None – Analytics rule is not used in risk scoring. Used for testing the analytics rule.
Low – Reduces risk score.
Medium – Doesn't adjust the risk score.
High – Increases risk score.
Critical – Significantly increases risk score.
Click Update.
If the analytics rules are enabled, the change is added to a batch of pending changes, and you must apply the change to your environment.