Risk Score Engine
Notice
The Confidence Score Engine is now revamped and renamed to Risk Score Engine. This is a beta feature available in Intel Exchange v3.7.4.0 (Early Access).
Intel Exchange scores all the indicators by assigning them a numeric value called the Risk Score. This score is a value between 0 and 100 assigned automatically to threat indicators and represents the risk associated with the indicator. A score of 100 suggests that the indicator is highly malicious while a score of 0 suggests it is non-malicious.
The Risk Score assigned to an indicator is determined by the following factors:
Intel Exchange Risk Score: Refers to the customizable score calculated by Intel Exchange based on source credibility, enrichment tools, and indicator attributes. The Intel Exchange Risk Score is enabled by default and allows you to tailor the Risk Score for indicators according to these factors. For more information, see Configure Intel Exchange Risk Score.
External Risk Score: Refers to the Risk Score assigned by the external sources of threat data. When you enable it for specific external sources, it replaces the Intel Exchange Risk Score for those sources, using the external sources' Risk Score directly for the indicators. For more information, see Configure External Risk Score.
Feature Availability Matrix
CTIX Enterprise | CTIX Lite | CTIX Spoke |
|---|---|---|
Yes | Yes | Yes |