splunk / contentctl

Splunk Content Control Tool
Apache License 2.0

improve output of risk severity field. #191

Closed pyth0n1c closed 1 week ago

pyth0n1c commented 1 month ago

It is now calculated using the risk score.

~Note that we may apply this to confidence field as well after discussion~ Given ongoing discussions over the existence of the confidence field, we will not make changes to that value in this PR. Please see this PR for further discussion around the future of risk stuff in our YMLs: https://github.com/splunk/contentctl/pull/263

patel-bhavin commented 1 month ago

Does this code require the risk_score to be present in the yaml, since we are trying to remove risk_score and convert it into a computed field as per this security content PR: https://github.com/splunk/security_content/pull/3062

pyth0n1c commented 2 weeks ago

> Does this code require the risk_score to be present in the yaml since we are trying to remove risk_score and convert it into a computed field as per this security content PR: splunk/security_content#3062

No, it does not require it to be present. It USES the risk_score value, but that is a computed_field that is determined at runtime from confidence and impact.

pyth0n1c commented 1 week ago

Merging this PR to the release branch. As that branch has many related changes, they will all be evaluated and merged to main at the same time.