This article covers how risk scores are determined on the Alerts page in Red Canary.
Alert risk scores are based on values that you can set in your Red Canary Risk Scoring settings.
Alert Risk Scoring enables you to quickly distinguish between Low Severity/Informational alerts and High Severity alerts. Having risk scores associated with each alert also enables you to put alerts into the best order. For example, if 2 endpoints are both showing High Severity alerts, risk scores can help you more easily determine which endpoint to look at first. Risk scoring also enables you to quickly triage and take action against your External Alerts.
Default Risk Scoring values
Risk scores are set by default in Red Canary and should suffice in most cases. However, you can change Risk Scoring values to fit your organization's needs. Here are the defaults:
- High Severity Alert = 10
- Medium Severity Alert = 3
- Low Severity Alert = 1
- Informational Severity Alert = 0
- Unknown Value Alert = 3
You'll see risk scores when you open individual alerts from the Alerts tab in Red Canary.
Set Risk Scoring
- Click your user icon at the top right of Red Canary, and then click Risk Scoring. The Risk Scoring page opens, which includes Risk Threshold.
- Set a Risk Threshold.
- Assign a numeric value to each level of risk.
For more information about alerts, please check out the following articles: