
Threat Detection Management Guide

Tune Threat Scoring

The analytics engine calculates a numerical risk score for each threat, which is visible for alerts and cases in the Threat Center. This score helps you quickly assess threat levels and identify potentially malicious activity.

To adjust risk scores, you can perform any of the following actions:

  • Adjust asset rating in Attack Surface Insights.

    This includes applying tags to entities and setting their Security Criticality to Low, Medium, or High. The Security Criticality value directly influences the risk score of related threats: it changes how much risk an entity contributes to the alert and case scores computed for activity involving it. Rating your most critical assets High makes threats against them rank above otherwise identical activity against low-value assets, so review criticality ratings when a score looks too high or too low for the asset involved.

  • Define exclusion rules in Threat Detection Management.

    You can define exclusions to prevent rules from triggering in specific scenarios. An exclusion can apply across the entire rule base or to specific rules or rule families, and its condition can reference event field values or context tables. When an exclusion matches, the rule does not fire, so the activity contributes nothing to the alert or case score; this removes false positives and keeps the score focused on genuinely significant events. Scope each exclusion as narrowly as its condition allows: an exclusion that is broader than the benign case it was written for also suppresses the rule for real attacks that share the same field values, and those attacks then disappear from the score as well.

  • Adjust context tables in Context Management.

    Context tables enrich security event data with additional context, such as user attributes or lists of IP addresses, that rules and exclusions can reference. Changing a context table therefore changes which rules fire and how the resulting threats are scored. For example, adding custom attributes or correcting existing ones lets you add more specific conditions or risk factors to the scoring. Keeping context data current keeps the rule scoring dynamic and based on a holistic view of the network environment; stale entries (for example, an address that no longer belongs to a scanner but is still listed as one) misclassify events in the same way as a wrong exclusion.
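The following Python model, added here as an illustration and not code from this guide or from the vendor's analytics engine, shows how the three levers above interact when a score is computed. The criticality weights, the privileged-user risk factor, the rule definitions, the context tables and the sample events are all assumptions constructed for the example; the real engine's formula is not described on this page.

```python
"""Illustrative model of the three tuning levers: asset criticality,
exclusions, and context tables. All weights, rules, table contents and
events below are constructed for the example and are not the vendor's."""
from dataclasses import dataclass, field
from typing import Callable, Optional

# Assumed multiplier per Security Criticality rating.
CRITICALITY_WEIGHT = {"Low": 0.5, "Medium": 1.0, "High": 2.0}

# Constructed context tables: named lookups that rules and exclusions consult.
CONTEXT_TABLES = {
    "vuln_scanners": {"10.0.5.9"},
    "privileged_users": {"svc-backup", "da-admin"},
}


@dataclass
class Asset:
    name: str
    criticality: str = "Medium"          # Low / Medium / High
    tags: set = field(default_factory=set)


@dataclass
class Rule:
    name: str
    base_score: int
    match: Callable[[dict], bool]        # event -> does this rule trigger?


@dataclass
class Exclusion:
    rule_names: Optional[set]            # None = applies to the entire rule base
    condition: Callable[[dict, dict], bool]   # (event, context_tables) -> suppress?


def fires(rule: Rule, event: dict, exclusions: list) -> bool:
    """True if the rule matches the event and no in-scope exclusion suppresses it."""
    if not rule.match(event):
        return False
    for ex in exclusions:
        in_scope = ex.rule_names is None or rule.name in ex.rule_names
        if in_scope and ex.condition(event, CONTEXT_TABLES):
            return False
    return True


def score_event(event: dict, rules: list, exclusions: list, assets: dict):
    """Sum the base scores of firing rules, weighted by the target asset's
    criticality, then apply an assumed risk factor when the user appears in
    the privileged_users context table. Returns (score, [fired rule names])."""
    asset = assets.get(event["dest_host"], Asset(event["dest_host"]))  # unknown asset -> Medium
    weight = CRITICALITY_WEIGHT[asset.criticality]
    score, fired = 0.0, []
    for rule in rules:
        if fires(rule, event, exclusions):
            fired.append(rule.name)
            score += rule.base_score * weight
    if event.get("user") in CONTEXT_TABLES["privileged_users"]:
        score *= 1.5                     # assumed context-derived risk factor
    return round(score, 1), fired


def build_scenario():
    """Constructed rules, one scoped exclusion, two rated assets and four events."""
    rules = [
        Rule("Port Scan", 30, lambda e: e["event_type"] == "port_scan"),
        Rule("Auth Failure Burst", 40,
             lambda e: e["event_type"] == "auth_failure" and e.get("count", 0) >= 20),
    ]
    # Exclusion scoped to one rule: scans from the approved scanner list do not fire it.
    exclusions = [
        Exclusion({"Port Scan"}, lambda e, ctx: e["src_ip"] in ctx["vuln_scanners"]),
    ]
    assets = {
        "db-prod-01": Asset("db-prod-01", "High", {"crown-jewel"}),
        "dev-box": Asset("dev-box", "Low"),
    }
    events = {
        "scanner_on_prod": {"event_type": "port_scan", "src_ip": "10.0.5.9",
                            "dest_host": "db-prod-01", "user": "-"},
        "unknown_scan_prod": {"event_type": "port_scan", "src_ip": "10.0.7.3",
                              "dest_host": "db-prod-01", "user": "-"},
        "unknown_scan_lab": {"event_type": "port_scan", "src_ip": "10.0.7.3",
                             "dest_host": "lab-vm", "user": "-"},
        "admin_bruteforce_dev": {"event_type": "auth_failure", "count": 25,
                                 "src_ip": "10.0.7.3", "dest_host": "dev-box",
                                 "user": "da-admin"},
    }
    return rules, exclusions, assets, events


def run_scenario() -> dict:
    rules, exclusions, assets, events = build_scenario()
    return {name: score_event(e, rules, exclusions, assets) for name, e in events.items()}


if __name__ == "__main__":
    for name, (score, fired) in run_scenario().items():
        print(f"{name:22} score={score:6.1f} fired={fired}")
```

Running the model shows each lever in isolation: the approved scanner's port scan against the High-rated database scores 0 because the scoped exclusion suppresses the rule, the same scan from an unlisted address scores 60 against that asset but only 30 against an unrated host, and a brute-force burst against a Low-rated dev box scores 30 only because the privileged-user context table raised it from 20. Widening the exclusion to the whole rule base or removing the scanner address from the context table changes these numbers immediately, which is the effect the tuning actions above have on real alert and case scores.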