Prioritizing Threat Intelligence
Not all threat intelligence indicators are equal. Some require an immediate response, while others can be dealt with or investigated as time and availability permit. As a result, you need to triage and rank threats by severity.
In Hortonworks Cybersecurity Platform (HCP), you assign severity by associating conditions, which may be arbitrarily complex, with numeric scores. Then, for each message, a configurable aggregation function evaluates the set of conditions and aggregates the scores of the conditions that match. This aggregated score is added to the message in the threat.triage.level field.
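The following is an added example that simulates the triage step described above; it is not HCP's own code. Each rule pairs a name and a score with a predicate over the message, a named aggregator combines the scores of the rules that match, and the result is written to threat.triage.level. The rule representation (Python predicates), the aggregator names (MAX, MIN, SUM, MEAN, POSITIVE_MEAN), the extra threat.triage.rules field, the behaviour when no rule matches, and all messages and field values are assumptions constructed for illustration; only threat.triage.level comes from the text.

```python
"""Threat triage simulation (added example, not HCP code).

Rules with numeric scores are evaluated against a message; the scores of
the matching rules are aggregated and stored in threat.triage.level.
"""
from statistics import mean
from typing import Any, Callable, Dict, List

Message = Dict[str, Any]


class Rule:
    """A triage rule: name, predicate over the message, score if it matches."""

    def __init__(self, name: str, condition: Callable[[Message], bool], score: float):
        self.name = name
        self.condition = condition
        self.score = score


# Aggregation functions over the scores of the matching rules.
# The names below are an assumed set chosen for this example.
AGGREGATORS: Dict[str, Callable[[List[float]], float]] = {
    "MAX": max,
    "MIN": min,
    "SUM": sum,
    "MEAN": mean,
    # mean of the strictly positive scores; 0 if there are none
    "POSITIVE_MEAN": lambda s: mean([x for x in s if x > 0]) if any(x > 0 for x in s) else 0.0,
}


def triage(message: Message, rules: List[Rule], aggregator: str = "MAX") -> Message:
    """Evaluate every rule, aggregate the matching scores and return a copy of
    the message with threat.triage.level set.

    Assumptions: a rule whose predicate raises because the message lacks a field
    simply does not match; if no rule matches, threat.triage.level is left unset;
    the matching rule names are recorded in a hypothetical threat.triage.rules
    field for analyst traceability.
    """
    if aggregator not in AGGREGATORS:
        raise ValueError(f"unknown aggregator {aggregator!r}")
    out = dict(message)
    matched: List[Rule] = []
    for rule in rules:
        try:
            hit = bool(rule.condition(message))
        except (KeyError, TypeError):
            hit = False  # referenced field missing or of the wrong type: no match
        if hit:
            matched.append(rule)
    if matched:
        scores = [rule.score for rule in matched]
        out["threat.triage.level"] = float(AGGREGATORS[aggregator](scores))
        out["threat.triage.rules"] = [rule.name for rule in matched]
    return out


# Constructed rules: the field names mimic enriched flow records but are assumed.
RULES = [
    Rule("destination on malicious IP list",
         lambda m: m.get("threatintel.ip_dst_addr.malicious_ip") is True, 10),
    Rule("connection to a common C2 port",
         lambda m: m["ip_dst_port"] in (4444, 1337), 8),
    Rule("large outbound transfer",
         lambda m: m["bytes_out"] > 1_000_000, 5),
]

# Constructed sample messages.
MSG_MALICIOUS = {"ip_src_addr": "10.0.0.5", "ip_dst_addr": "203.0.113.7",
                 "ip_dst_port": 4444, "bytes_out": 5_000_000,
                 "threatintel.ip_dst_addr.malicious_ip": True}
MSG_BENIGN = {"ip_src_addr": "10.0.0.6", "ip_dst_addr": "198.51.100.2",
              "ip_dst_port": 443, "bytes_out": 1_000}
# Missing ip_dst_port and bytes_out: those rules raise KeyError and do not match.
MSG_PARTIAL = {"ip_src_addr": "10.0.0.9", "ip_dst_addr": "203.0.113.7",
               "threatintel.ip_dst_addr.malicious_ip": True}


if __name__ == "__main__":
    for name, msg in [("malicious", MSG_MALICIOUS), ("benign", MSG_BENIGN),
                      ("partial", MSG_PARTIAL)]:
        for agg in ("MAX", "SUM", "MEAN"):
            result = triage(msg, RULES, agg)
            print(name, agg, result.get("threat.triage.level"),
                  result.get("threat.triage.rules", []))
```

Choosing the aggregator changes what the score means: MAX makes threat.triage.level the severity of the single worst matching condition, SUM rewards messages that trip several independent conditions, and MEAN can dilute a high-scoring match with low-scoring ones, so pick it to suit how the downstream alerting thresholds are set.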