You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Rather than alerting only when a yara sig or jq sig has the alert condition set, it would be very helpful to also allow for thresholded alerting wherein one could establish in the dispositioner a relative "suspiciousness" on a score of -10 to +10 for a yara sig or post processor sig and also set an alerting threshold so that a series of relatively suspicious things could trigger an alert or archival decision.
The text was updated successfully, but these errors were encountered:
Rather than alerting only when a yara sig or jq sig has the alert condition set, it would be very helpful to also allow for thresholded alerting wherein one could establish in the dispositioner a relative "suspiciousness" on a score of -10 to +10 for a yara sig or post processor sig and also set an alerting threshold so that a series of relatively suspicious things could trigger an alert or archival decision.
The text was updated successfully, but these errors were encountered: