Why is an alert's risk level different from the signature's risk level?

Why is an alert's risk level different from the signature's risk level?

0
Created On 09/26/18 13:45 PM - Last Modified 07/19/22 23:08 PM


Symptom


Why is an alert's risk level different from the signature's risk level?

Resolution


Sometimes you may see an alert with a different risk level than the signature's risk level.  This could be caused by either: 

  1. A custom risk level is configured for this signature on your account.  You can check that by going to the External Accounts page and click on "Custom Risk Levels".
  2. The risk level of the signature has been updated globally.  Occasionally, the risk levels may be lowered or raised after a signature has been audited.  Changes to risk level will be communicated via Evident Monitoring Status Page and other sources.

The risk level of an alert is determined at the time the alert is created.  Even if one of the above situations occur, the risk levels of existing alerts will not change.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClnvCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail