Scoring Update - MDCA Enhancements

briandelmsft / STAT-Function

Azure Function for the Microsoft Sentinel Triage AssistanT (STAT)

https://aka.ms/mstat

MIT License

8 stars 1 forks source link

Scoring Update - MDCA Enhancements #46

Closed briandelmsft closed 2 months ago

briandelmsft commented 9 months ago

Scoring module update for MDCA module enhancements.

Look to include top risky users and trending up users in score calculation

briandelmsft commented 9 months ago

@piaudonn thoughts on this and logic for it? Current logic when scoring per item - UsersAboveThreshold 10 Multiplier Current logic when not scoring per item - If AboveThresholdCount > 0, 10 * Multiplier

Thinking of keeping the above logic plus:

10 for user being TopUserThresholdCount
5 for ThreatScoreTrendingUp

piaudonn commented 8 months ago

@briandelmsft that looks fine yes :)