Alert risk scores are based on values that you can set in your Red Canary Risk Scoring settings.
Alert Risk Scoring enables you to quickly distinguish Low Severity and Informational alerts from High Severity alerts. Because a risk score is attached to each alert, you can prioritize alerts. For example, if two endpoints both show High Severity alerts, risk scores can help you more easily determine which endpoint to look at first. Risk scoring also enables you to quickly triage and take action against your External Alerts.
Default Risk Scoring values
Risk scores are set by default in Red Canary and should suffice in most cases. However, you can change Risk Scoring values to fit your organization's needs. Here are the defaults:
- High Severity Alert = 10
- Medium Severity Alert = 3
- Low Severity Alert = 1
- Informational Severity Alert = 0
- Unknown Value Alert = 3
You will see risk scores when you open individual alerts from the Alerts tab in Red Canary.
Set Risk Scoring
- Click your user icon at the top right of Red Canary, and then click Risk Scoring. The Risk Scoring page opens, which includes Risk Threshold.
- Set a Risk Threshold.
- Assign a numeric value to each level of risk.
For more information about alerts, please check out the following articles: