[IMPROVEMENT REQUEST] Add risk score field to each rule in Endgame

kdawg · September 28, 2020, 5:10am

Feature request

Describe the feature: Add a field to Endgame rules to include a risk score to show when the rule is triggered, this will assist with prioritizing these alerts.

Description of the problem:
When many different types of alerts appear it is difficult to prioritise which to look at first or to easily identify if they that signal is a critical risk.
The alerts should have this identifier to assist analysts in identifying which rules could be the most likely to detect malicious behaviors.

Additional Notes:
This risk score should also have a column in the lists for Threats and Adversary Behaviors so that it can be sorted by this number.
This would be similar to the risk score for the SIEM signals.

bradenpreston · September 28, 2020, 7:06pm

@kdawg - thank you for the feature request and additional information. We appreciate you using Endgame. We have logged the enhancement request.

Today we offer the ability to set the severity (high, medium, or low.) Adding a risk score would be a nice enhancement.

system · October 26, 2020, 7:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Security Rules with Endgame get an error Endpoint Security	4	824	November 22, 2022
Alerting and customizing SIEM app SIEM	12	1207	July 23, 2020
Issue with rules creation SIEM detection-rules	15	1717	May 5, 2022
Considerations about default terms agg for Elastic SIEM Detections histogram SIEM	2	362	July 13, 2020
False Positives in the 1000's SIEM	2	503	October 21, 2021

[IMPROVEMENT REQUEST] Add risk score field to each rule in Endgame

Related topics