- Get Started with Threat Detection Management
- Analytics Rules
- Analytics Rule Classifications
- Create an Analytics Rule
- Manage Analytics Rules
- Tune Analytics Rules
- Share Analytics Rules
- Troubleshoot Analytics Rules
- Analytics Rules Syntax
- Advanced Analytics Rule Syntax vs. Analytics Rule Syntax
- Logical Expressions in Analytics Rule Syntax
- String Operations Using Analytics Rule Syntax
- Integer Operations Using Analytics Rule Syntax
- Time Operations Using Analytics Rule Syntax
- Network Operations Using Analytics Rule Syntax
- Context Operations Using Analytics Rule Syntax
- Entity Operations Using Analytics Rule Syntax
- Correlation Rule Operations Using Analytics Rule Syntax
- Analytics Engine Status
- Correlation Rules
- Threat Scoring
PrevNext
Threat Scoring
For each threat, the analytics engine calculates a numerical risk score. This score is visible for alerts and cases in Threat Center, helping you quickly assess threat levels and identify potentially malicious activity.
A single factor, such as rarity, is insufficient to assess risk. Therefore, we evaluate multiple factors to determine an accurate risk score.
The analytics engine evaluates and normalizes these scores on a 1–100 scale. As new detections are added or removed, it recalculates the risk score to ensure an up-to-date view of the threat level.