briandelmsft / STAT-Function

Azure Function for the Microsoft Sentinel Triage AssistanT (STAT)
https://aka.ms/mstat
MIT License

Scoring Update - MDCA Enhancements #46

Closed briandelmsft closed 7 months ago

briandelmsft commented 1 year ago

Scoring module update for MDCA module enhancements.

Look to include top risky users and trending up users in score calculation

briandelmsft commented 1 year ago

@piaudonn thoughts on this and logic for it?

Current logic when scoring per item - UsersAboveThreshold * 10 * Multiplier

Current logic when not scoring per item - If AboveThresholdCount > 0, 10 * Multiplier

Thinking of keeping the above logic plus:

piaudonn commented 1 year ago

@briandelmsft that looks fine yes :)