Expand description
Fields for describing risk score and risk level of entities such as hosts and users. These fields are not allowed to be nested under event.*. Please continue to use event.risk_score and event.risk_score_norm for event risk.
Constantsยง
- RISK_
CALCULATED_ LEVEL - A risk classification level calculated by an internal system as part of entity analytics and entity risk scoring.
- RISK_
CALCULATED_ SCORE - A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring.
- RISK_
CALCULATED_ SCORE_ NORM - A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring, and normalized to a range of 0 to 100.
- RISK_
STATIC_ LEVEL - A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform.
- RISK_
STATIC_ SCORE - A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform.
- RISK_
STATIC_ SCORE_ NORM - A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform, and normalized to a range of 0 to 100.