metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Otto Fowler <>
Subject question on Threat Triage Score
Date Fri, 22 Sep 2017 15:58:03 GMT
For the life of me, I can’t see where the actual score is set into the
rule, besides the stellar functions.
I am looking at the ThreatTriageProcessor::apply  method.

Does anyone know how the score gets set?

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message