Hi @Castelias, if you don't want the related alerts data to be considered in the scoring you should simply delete that input from the scoring module, or set the ScoreMultiplier to 0. If you delete the input, you won't see anything about related alerts in the output of the scoring module. If you set the ScoreMultiplier to 0 you will still see it, but the calculated score will always be 0 regardless of the input data. I would tend to think just removing it is the better option here. Setting ScorePerItem to false changes the behaviour of the scoring for alert severities, but it doesn't prevent it from being scored. Specifically, it only evaluates the highest severity alert (max score) for the purposes of severity-based scoring instead of all alerts (sum of all scores). There is no change to MITRE-based scoring based on the ScorePerItem setting; all related tactics will be scored regardless.
Hello, I want to tinker a bit with related alerts in STAT. I turned it off (I think) by setting ScorePerItem to false, but still some related alerts go through, like MITRE. Is there a way to turn those off too? Or maybe I should just totally delete this part of the scoring module?