Set maliciousness

Gauge maliciousness to assess how dangerous an observable threat potential can be.

In the Intelligence Center you can set a confidence level to estimate the likelihood of an observable being malicious or not.
The maliciousness values you can set help answer the following question:

“Based on the factual evidence and the intelligence gathered so far, how likely is it that the information this observable represents may be malicious?”

The following table lists the available confidence levels to assess maliciousness, their color coding in the Intelligence Center GUI, and what each level means.

Maliciousness confidence level

Color code

Description

Unknown


GRAY

It is not possible to assess if the observable is malicious or not.

Safe

GREEN

The observable is not malicious.

Malicious – Low confidence

RED

The observable might be malicious, but I am not sure.

Malicious – Medium confidence

RED

I am confident to a point that the observable may be malicious.

Malicious – High confidence

RED

I am confident that the observable is malicious.

Setting a maliciousness confidence level enables triaging and prioritizing threat severity.
You can set the maliciousness confidence level of an observable in one of the following ways:

In the Observables overview

  1. In the left navigation bar, Search images/download/attachments/86441064/search.svg-x24.png > GO TO SEARCH AND BROWSE > Observables.

  2. Click the menu icon in the row corresponding to the observable you want to assign a maliciousness confidence level to.

  3. From the drop-down menu select Set maliciousness.

  4. From the sub-menu, click the maliciousness confidence level you want to assign to the observable.

In the Observables detail pane

  1. Open the detail pane of the observable you want to assign a maliciousness confidence level to.

  2. In the top half of the Overview tab, under Maliciousness, click Edit.

  3. From the drop-down menu select a maliciousness confidence level for the observable.
    Alternatively:
    In the observable detail pane click the menu icon > Set maliciousness.

  4. From the sub-menu, click the maliciousness confidence level you want to assign to the observable.

In the Observables tab on the entity detail pane

  1. Open the entity detail pane of the entity related to the observable you want to assign a maliciousness confidence level to.

  2. In the entity detail pane, click the Observables tab.

  3. Click the menu icon in the row corresponding to the observable you want to assign a maliciousness confidence level to.

  4. From the drop-down menu select Set maliciousness.

  5. From the sub-menu, click the maliciousness confidence level you want to assign to the observable.

Bulk action on multiple observables

You can also select multiple observables, and then you can assign the same maliciousness level to them at once:

  1. Browse to the Observables view or open the Observables tab in the entity detail pane of the entity whose observables you want to assign a maliciousness confidence level to.

  2. Select the checkboxes corresponding to the observables whose maliciousness confidence level you want to set at once.

  3. Click the menu icon above the table header, and from the drop-down menu select Set maliciousness.

  4. From the sub-menu, click the maliciousness confidence level you want to assign to the observable.