5.4 Capabilities: Scoring

Updated 4 months ago by TruSTAR

The Intelligence Pipeline generates a single prioritized score for Indicators or Events. TruSTAR provides two capabilities for managing those scores within workflows. 

Indicator Scoring

The Intelligence Pipeline generates a single priority score for Indicators. You can fine-tune these priority scores within workflows by assigning weights to the intelligence sources used as input into the Indicator Prioritization workflow. This can help reduce false-positive alerts by tightly managing the fidelity of the indicators you import into your workflow tools.

Event Scoring

Priority scoring of events such as log events or SIEM alerts enables you to build automation processes into triage workflows, extending the orchestration and response capabilities of SOAR tools.
