SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

Add Critical and Informational to Alert Priorities #236

Open tamenzel opened 1 year ago

tamenzel commented 1 year ago

Some alerts are actually higher than high and some are lower than low. Would it be possible to add a "Critical" and "Informational" alert priority to the existing "High", "Medium", & "Low" alert priorities?

This is a feature request

Expected behavior: When Blue Team notes that a test "Alerted", 5 alert levels would show up in this order: "Critical", "High", "Medium", "Low", "Informational".

Screenshots Current image

New image

Additional context: Many security endpoint tools such as CrowdStrike and Symantec have those additional severities, so this would make things easier for the Blue Team. And hey, Purple teaming is all about helping the Blue Team, right?

SRAPSpencer commented 1 year ago

Any outcome-related changes require a good amount of discussion. Noted for future consideration.

DEFCESCO commented 7 months ago

Our team requests the critical and informational priorities to be added, as well. This would allow blue and red teams to align their outcomes to VECTR’s reporting.