« Asset criticality View and analyze risk score data »
Elastic Docs Serverless Elastic Security Serverless Advanced Entity Analytics Entity risk scoring

Turn on the risk scoring engine

edit

Turn on the risk scoring engine

edit

Requirements

To use entity risk scoring, you must have the appropriate user role. For more information, refer to Entity risk scoring requirements.

Preview risky entities
edit

You can preview risky entities before installing the risk engine. The preview shows the riskiest hosts and users found in the 1000 sampled entities during the time frame selected in the date picker.

The preview is limited to two risk scores per serverless project.

To preview risky entities, go to Project settingsManagementEntity Risk Score:

Preview of risky entities
Turn on the risk engine
edit

To view risk score data, you must have alerts generated in your environment.

If you’re installing the risk scoring engine for the first time:

  1. Go to Project settingsManagementEntity Risk Score.
  2. On the Entity Risk Score page, turn the toggle on.

You can also choose to include Closed alerts in risk scoring calculations and specify a date and time range for the calculation.

Turn on entity risk scoring
« Asset criticality View and analyze risk score data »