Each alert is assigned a risk score based on the criticality of its threat indicators. All the alerts that have been identified for each user are combined to produce an overall user risk score that reflects how risky or suspicious that user is. To ensure that only highly suspicious patterns of activity are highlighted and more innocuous alerts are suppressed, risk scoring is applied at four different stages.
Stage 1: Event scoring
Each raw event is given an initial risk score that rates the abnormality of its parameters, such as the computer, time or file location.
Stage 2: Threat indicator scoring
Similar events are grouped as threat indicators and scored again to identify abnormal patterns that extend over a period of time, such as an hour.
Stage 3: Alert scoring
SMART alerts correlate events and threat indicators into an aggregate alert, which is scored for a third time based on the uniqueness of its composition and the severity of the activities involved.
Indicators that are not scored high enough, or that are not correlated with other indicators in the same time period, are eliminated as false positives so that they do not create excessive noise. Only the SMART alerts that are scored as most critical are shown in the dashboard.
The final score ranges from 0 to 100, where 0 reflects an event, session, or user that is completely consistent with the normal baseline, and 100 indicates a very unusual anomaly.
Stage 4: User risk scoring
The user risk score aggregates the contributions of every alert related to the user. Each alert's contribution to the user score depends on the alert severity: critical alerts contribute 20, high contribute 15, medium contribute 10, and low contribute 1. The users with the highest risk scores are highlighted in the Threat Detection dashboard.
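The Stage 4 aggregation as an added illustration, not code from Quest or from Change Auditor. It assumes that "aggregate" means a plain sum of the per-alert contributions with no cap or time decay; the function names, alert records and user names are constructed for the example.

```python
from collections import defaultdict

# Per-alert contribution to the user risk score, as stated on this page.
CONTRIBUTION = {"critical": 20, "high": 15, "medium": 10, "low": 1}

# Constructed sample alerts as (user, severity) pairs; names and counts are made up.
SAMPLE_ALERTS = (
    [("alice", "Low")] * 12
    + [("bob", "High")]
    + [("carol", "Critical"), ("carol", "Medium"), ("carol", "low")]
)


def user_risk_scores(alerts):
    """Sum each user's alert contributions (plain summation is an assumption)."""
    scores = defaultdict(int)
    for user, severity in alerts:
        key = severity.strip().lower()
        if key not in CONTRIBUTION:
            # Fail loudly rather than silently scoring an unknown severity as 0.
            raise ValueError(f"unknown alert severity: {severity!r}")
        scores[user] += CONTRIBUTION[key]
    return dict(scores)


def rank_users(alerts, top=None):
    """Return (user, score) pairs, highest score first, ties broken by user name."""
    ranked = sorted(user_risk_scores(alerts).items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked if top is None else ranked[:top]


if __name__ == "__main__":
    for user, score in rank_users(SAMPLE_ALERTS):
        print(f"{user:<6} {score}")
```

With these weights, twelve low alerts (12) still rank below a single high alert (15), which is how the low-severity weighting keeps noisy but minor activity from pushing a user to the top of the list.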
Threat Detection process includes the following steps:
For detailed instructions on how to deploy and properly install Threat Detection, see the Change Auditor for Threat Detection Deployment Guide.
For information about Change Auditor system requirements, see the Change Auditor Release Notes and the Change Auditor for Threat Detection Deployment Guide.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED.