Observable maliciousness
Gauge maliciousness to assess how dangerous an observable's threat potential can be.
In EclecticIQ Intelligence Center you can set a confidence level to estimate the likelihood of an observable being malicious or not.
The maliciousness values you can set help answer the following question:
“Based on the factual evidence and the intelligence gathered so far, how likely is it that the information this observable represents may be malicious?”
The following table lists the possible observable maliciousness levels.
| Maliciousness confidence level | Description |
|---|---|
| Unknown | It is not possible to assess if the observable is malicious or not. |
| Safe | The observable is not malicious. |
| Malicious – Low confidence | The observable might be malicious, but I am not sure. |
| Malicious – Medium confidence | I am confident to a point that the observable may be malicious. |
| Malicious – High confidence | I am confident that the observable is malicious. |
In the data model
Maliciousness is represented by two keys in the data model. The values in these two keys are used to display a combined Maliciousness value in the UI:
| Key | Description |
|---|---|
| | Sets a broad classification for the observable. Possible values: |
| | Used only if Possible values: |
Set maliciousness
You can set the maliciousness confidence level of an observable in one of the following ways:
In the Observables overview
In the left navigation bar, select Search > GO TO SEARCH AND BROWSE > Observables.
Locate the observable you want to set maliciousness for. Select More > Set maliciousness.
From the dropdown menu, select a maliciousness level.
In the Observables detail pane
Open the detail pane of the observable you want to assign a maliciousness confidence level to.
In the top half of the Overview tab, under Maliciousness, click Edit.
From the dropdown menu, select a maliciousness level for the observable.
Alternatively:
In the observable detail pane:
In the Observables tab on the entity detail pane
Open the entity detail pane of the entity related to the observable you want to assign a maliciousness confidence level to.
In the entity detail pane, click the Observables tab.
Locate the observable you want to set maliciousness for. Select More > Set maliciousness.
From the dropdown menu, select a maliciousness level.
Bulk action on multiple observables
You can also select multiple observables and assign the same maliciousness level to all of them at once:
Browse to the Observables view or open the Observables tab in the entity detail pane of the entity whose observables you want to assign a maliciousness confidence level to.
Select the checkboxes corresponding to the observables whose maliciousness confidence level you want to set at once.
Click the menu icon above the table header, and from the drop-down menu select Set maliciousness.
From the dropdown menu, select a maliciousness level.