How are the Risk Scores determined in the External Alerts page in Red Canary?
External Alert Risk Scores are based on the default values that are set in your Red Canary "Risk Scoring" settings. These settings can be found by clicking on your user icon on the top right of the page and selecting "Risk Scoring."
Risk Scoring values can be changed to fit your organization's needs. However, the default values should work in most cases.
The default Risk Scoring values are as follows:
- High Severity Alert = 10
- Medium Severity Alert = 3
- Low Severity Alert = 1
- Informational Severity Alert = 0
- Unknown Value Alert = 3
Risk Scores allow you to quickly distinguish between Low Severity or Informational alerts and High Severity alerts. Having a Risk Score associated with each External Alert also allows you to put those alerts into the right order. For example, if 2 endpoints are both showing High Severity alerts, you can easily determine which endpoint to look at first based on each endpoint's cumulative Risk Score. Risk scoring also gives you the ability to quickly triage and take action on your External Alerts.
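The ordering described above can be reproduced outside the product for a quick check. This is an added example, not Red Canary code: it assumes the cumulative score is the plain sum of an endpoint's alert scores and that a missing or unrecognized severity is scored as an Unknown Value alert; the hostnames and field names are hypothetical.

```python
from collections import defaultdict

# Default weights as listed on this page; adjustable under "Risk Scoring".
DEFAULT_WEIGHTS = {"high": 10, "medium": 3, "low": 1, "informational": 0, "unknown": 3}


def score_alert(severity, weights=DEFAULT_WEIGHTS):
    """Map a severity label to its risk score.

    Assumption: a missing or unrecognized label is scored as 'unknown'.
    """
    key = (severity or "").strip().lower()
    return weights.get(key, weights["unknown"])


def rank_endpoints(alerts, weights=DEFAULT_WEIGHTS):
    """Return [(endpoint, cumulative_score, alert_count)], highest score first.

    Assumption: the cumulative score is the sum of the endpoint's alert scores.
    """
    totals = defaultdict(int)
    counts = defaultdict(int)
    for alert in alerts:
        totals[alert["endpoint"]] += score_alert(alert.get("severity"), weights)
        counts[alert["endpoint"]] += 1
    # Ties break on endpoint name so the order is deterministic.
    return sorted(
        ((ep, totals[ep], counts[ep]) for ep in totals),
        key=lambda row: (-row[1], row[0]),
    )


# Constructed sample alerts (hypothetical hostnames and field names).
SAMPLE_ALERTS = [
    {"endpoint": "ws-014", "severity": "High"},
    {"endpoint": "ws-014", "severity": "Low"},
    {"endpoint": "srv-db-02", "severity": "High"},
    {"endpoint": "srv-db-02", "severity": "Medium"},
    {"endpoint": "srv-db-02", "severity": None},   # missing -> unknown
    {"endpoint": "kiosk-7", "severity": "Informational"},
    {"endpoint": "kiosk-7", "severity": ""},       # empty -> unknown
]

if __name__ == "__main__":
    for endpoint, total, count in rank_endpoints(SAMPLE_ALERTS):
        print(f"{endpoint:<10} score={total:<3} alerts={count}")
```

Both ws-014 and srv-db-02 carry a High Severity alert, but srv-db-02 ranks first because its additional Medium and Unknown alerts raise its total.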
NOTE: If you would like to know more about External Alerts, please read our articles: