Entity risk scoring requirements
editEntity risk scoring requirements
editTo use entity risk scoring and asset criticality, you need the appropriate user roles. These features require the Security Analytics Complete project feature.
This page covers the requirements for using the entity risk scoring and asset criticality features, as well as their known limitations.
Entity risk scoring
editTo turn on the risk scoring engine, you need either the appropriate predefined Security user role or a custom role with the right privileges:
Predefined roles
- Platform engineer
- Detections admin
- Admin
Custom role privileges
Cluster | Index | Kibana |
---|---|---|
|
|
Read for the Security feature |
- The risk scoring engine uses an internal user role to score all hosts and users. After you turn on the risk scoring engine, all alerts in the project will contribute to host and user risk scores.
- You cannot customize alert data views or risk weights associated with alerts and asset criticality levels.
Asset criticality
editTo use asset criticality, you need either the appropriate predefined Security user role or a custom role with the right privileges:
Predefined roles
Action | Predefined role |
---|---|
View asset criticality |
|
View, assign, change, or unassign asset criticality |
|
Custom role privileges
Custom roles need the following privileges for the .asset-criticality.asset-criticality-<space-id>
index:
Action | Index privilege |
---|---|
View asset criticality |
|
View, assign, or change asset criticality |
|
Unassign asset criticality |
|