How does severity scoring work?
FAQ
There are two areas of severity scoring within ZoneFox: one for the rule-based policies and another for the AI alerting.
The severity level of policy alerts is controlled by the organisation. When a new policy is configured, the severity level for its alerts can be set (a value from 10 to 90 in increments of 10).
AI alerts are generated automatically by ZoneFox's machine learning models. They are scored on a combination of anomalousness (how much of a deviation from normal behaviour the event represents) and risk (a static score according to the type of program, data, or activity that the event represents; e.g. a cloud backup program is medium risk). These scores are combined with a weighting of 40 (deviation) / 60 (risk).
The risk category that each alert occupies (low, medium, high) is the same for both AI and policy-based alerts:
Copyright 2024 Fortinet, Inc. All Rights Reserved.