[IMPROVEMENT REQUEST] Add risk score field to each rule in Endgame

Feature request

Describe the feature: Add a field to Endgame rules to include a risk score to show when the rule is triggered. This will assist with prioritizing these alerts.

Description of the problem:
When many different types of alerts appear, it is difficult to prioritise which to look at first or to easily identify if that signal is a critical risk.
The alerts should have this identifier to assist analysts in identifying which rules could be the most likely to detect malicious behaviors.

Additional Notes:
This risk score should also have a column in the lists for Threats and Adversary Behaviors so that it can be sorted by this number.
This would be similar to the risk score for the SIEM signals.

@kdawg - thank you for the feature request and additional information. We appreciate you using Endgame. We have logged the enhancement request.

Today we offer the ability to set the severity (high, medium, or low). Adding a risk score would be a nice enhancement.
