Expanded Availability of Confidence Tag?

samjenk · March 24, 2023, 6:10pm

ET Team member @rgonzalez includes a nice summary by @bmurphy of the confidence metadata tag in Wiki article Confidence metadata tag and its impact & meaning. I’ve been trying to incorporate this tag in the process I use to determine whether a rule would be good for our environment, but have found that not many rules carry it. Any chance this tag could be applied to more rules? My goal is to identify the categories of rules I want to alert on (among other tags), and turn on the highest-confidence rules first as I tune our rule set.

Thanks!

rgonzalez · March 24, 2023, 6:38pm

Thanks for asking! When it comes to metadata tags we try to be more accurate than complete and when such a large number of legacy rules (tens of thousands) this can be slow going as programmatic assignment has been tricky in the past. We’ll keep at it though, and this year we’ll increase the number tags populated for both MITRE and Confidence within the back catalog of sigs!

samjenk · April 21, 2023, 12:17pm

Glad to hear it, @rgonzalez, thanks!

Topic	Replies	Views
Confidence metadata tag and its impact & meaning Wiki	426	March 4, 2023
New metadata tag - reviewed_at Wiki	247	August 21, 2023
About the Wiki category Wiki	900	August 1, 2022
About the Feedback & Support category Feedback & Support	277	August 2, 2022
About the Tutorials, Tips & Tricks category Tutorials, Tips & Tricks	645	September 12, 2022

Expanded Availability of Confidence Tag?

Related Topics