Turn on the risk scoring engine
editTurn on the risk scoring engine
edit[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features.
Requirements
To use entity risk scoring, you must have the appropriate user role. For more information, refer to Entity risk scoring requirements.
Preview risky entities
editYou can preview risky entities before installing the risk engine. The preview shows the riskiest hosts and users found in the 1000 sampled entities during the time frame selected in the date picker.
The preview is limited to two risk scores per Serverless Elastic Security project.
To preview risky entities, go to Project settings → Management → Entity Risk Score:
Turn on the risk engine
editTo view risk score data, you must have alerts generated in your environment.
If you’re installing the risk scoring engine for the first time:
- Go to Project settings → Management → Entity Risk Score.
- Turn the Entity risk score toggle on.