Open ghost opened 6 years ago
Hey @michaelschratt -- the threat score is interesting. Teams usually prioritize cases based on a simple High/Medium/Low severity classification, but having a dynamically calculated score that ranges from 0-100 could help ensure everyone is working on the most important thing, all the time.
Just curious - how are you computing your threat score?
Request Type
Feature Request
Description
Create a second alert pane where alerts can be added in a more "security event"-like format. E.g.
This would also allow high-quality custom alerts fed from Splunk or any other source to be managed in TheHive and tracked through Cases. The Threat Score can be calculated dynamically to always keep your analysis efforts focused on the most important alerts. I have already experimented with different numerical series and summation methods - resulting in the threat score.
In addition to the alert view, there should be a host view. In this view you should see aggregated statistics about the host's alerts. Analysts could use this as a tool to identify the attack scope.
Let me know what you think. It would be nice to see how analysts can feed alerts regarding e.g. the Cyber Analytics Repository into TheHive.
Michael
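To make the two ideas in this request concrete (a dynamic 0-100 threat score, and a host view that aggregates alerts per host), here is an added, self-contained Python example. It is not Michael's scoring method and not TheHive's code: the severity-to-base-score mapping, the half-life decay and the noisy-OR summation are assumptions chosen for illustration, the `host` field on the alert is an assumed custom attribute (TheHive alerts carry `title`, `severity`, `source` and `tags`, but no host field), and the sample alerts are constructed.

```python
"""Hypothetical threat score + host view over TheHive-style alerts.

Added example for this page; not TheHive's code and not the issue
author's method. Scoring constants and decay are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# TheHive severity (1=low, 2=medium, 3=high) mapped to a base score.
# Assumed values, chosen so that one high alert alone scores below 100.
SEVERITY_BASE = {1: 20, 2: 40, 3: 70}


@dataclass
class Alert:
    title: str
    severity: int           # 1..3, as in TheHive
    host: str               # assumed custom field with the affected host
    source: str             # e.g. "splunk"
    timestamp: datetime
    tags: list = field(default_factory=list)


def alert_score(alert: Alert, now: datetime, half_life_hours: float = 24.0) -> float:
    """Per-alert score in 0..100 that halves every `half_life_hours` (assumed decay)."""
    base = SEVERITY_BASE.get(alert.severity, 0)
    age_hours = max(0.0, (now - alert.timestamp).total_seconds() / 3600.0)
    return base * 0.5 ** (age_hours / half_life_hours)


def combine(scores) -> float:
    """Noisy-OR summation: 100 * (1 - prod(1 - s/100)).

    Adding an alert never lowers the score, and the result never exceeds 100,
    which keeps the 0-100 range meaningful no matter how many alerts a host has.
    """
    p_clean = 1.0
    for s in scores:
        p_clean *= 1.0 - min(max(s, 0.0), 100.0) / 100.0
    return round(100.0 * (1.0 - p_clean), 1)


def host_view(alerts, now: datetime) -> dict:
    """Aggregate statistics per host, as the requested host view would show them."""
    by_host = defaultdict(list)
    for a in alerts:
        by_host[a.host].append(a)
    view = {}
    for host, items in by_host.items():
        view[host] = {
            "alert_count": len(items),
            "max_severity": max(a.severity for a in items),
            "sources": sorted({a.source for a in items}),
            "threat_score": combine(alert_score(a, now) for a in items),
        }
    return view


def prioritized(alerts, now: datetime) -> list:
    """Hosts ordered by threat score, highest first: the analyst work queue."""
    return sorted(host_view(alerts, now).items(),
                  key=lambda kv: kv[1]["threat_score"], reverse=True)


# Constructed sample data; a fixed "now" keeps the decay deterministic.
NOW = datetime(2018, 6, 1, 12, 0, 0)
SAMPLE_ALERTS = [
    Alert("Mimikatz-like LSASS access", 3, "ws-01", "splunk", NOW, ["car-2019-04-004"]),
    Alert("New scheduled task", 2, "ws-01", "splunk", NOW - timedelta(hours=24)),
    Alert("Failed logon burst", 1, "db-02", "splunk", NOW),
    Alert("Failed logon burst", 1, "db-02", "splunk", NOW),
    Alert("Failed logon burst", 1, "db-02", "wazuh", NOW),
    Alert("Suspicious PowerShell", 3, "ws-03", "splunk", NOW - timedelta(hours=36)),
]

if __name__ == "__main__":
    for host, stats in prioritized(SAMPLE_ALERTS, NOW):
        print(f"{host:8} score={stats['threat_score']:5} "
              f"alerts={stats['alert_count']} sources={stats['sources']}")
```

With these constants a fresh high alert plus a day-old medium one (ws-01) outranks three fresh low alerts (db-02), which in turn outrank a single high alert that is a day and a half old (ws-03); swapping in a plain sum instead of `combine` would let a noisy host with many low alerts climb above a genuinely compromised one, which is the failure mode a bounded combination avoids.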