03-20-2025 06:31 AM
I am looking for a way to modify the severity score for the alert in category Malware, named Suspicious Executable Detected. By default, this stamps the alert with a MEDIUM severity and therefore creates an Incident with that Severity. I would like to manage the severity level of this alert, so that it is a HIGH severity, as at MEDIUM it does not get the prioritization that I need.
Is there a way to modify the alert logic to be able to achieve this?
03-20-2025 06:34 AM
Hi @DuncanGM,
Yes, you can modify the Alert Severity by using an Automation Rule.
Under Incident Response - Response - Automation, you can create a filter rule with an action that sets the severity. More details are in this document.
If this post answers your question, please mark it as the solution.
03-20-2025 08:50 AM
Many thanks, I have set that up; I just need to test it now. Thank you.