Half-life represents the amount of time it takes for a threat to lose half its intelligence value.
It corresponds to the number of days it takes for the malicious potential of a threat to decay by 50%.
Half-life represents the amount of time it takes an entity to lose half its intelligence value.
It corresponds to the number of days it takes the intelligence value of a malicious entity to decay by 50%.
When configuring an incoming or an outgoing feed, you can set a half-life value in days for the following entity types:
Course of action
To set a half-life for one or more of these properties, do the following:
Enter a numerical value in the entity property input field(s) you want to flag with a half-life value in days.
To store your changes, click Save; to discard them, click Cancel.
About user overrides
User-defined override key/value pairs are stored in the meta field of an entity JSON data structure.
Override fields in the meta field have precedence over:
The corresponding original fields inside meta.
Their corresponding override fields stored inside the sources field of an entity JSON data structure.
Half-life value (in days)
Stores the override value a user can manually define when editing an entity in the entity editor or inside the entity detail pane.