Expanded Availability of Confidence Tag?

samjenk · March 24, 2023, 6:10pm

ET Team member @rgonzalez includes a nice summary by @bmurphy of the confidence metadata tag in Wiki article Confidence metadata tag and its impact & meaning. I’ve been trying to incorporate this tag in the process I use to determine whether a rule would be good for our environment, but have found that not many rules carry it. Any chance this tag could be applied to more rules? My goal is to identify the categories of rules I want to alert on (among other tags), and turn on the highest-confidence rules first as I tune our rule set.

Thanks!

rgonzalez · March 24, 2023, 6:38pm

Thanks for asking! When it comes to metadata tags we try to be more accurate than complete and when such a large number of legacy rules (tens of thousands) this can be slow going as programmatic assignment has been tricky in the past. We’ll keep at it though, and this year we’ll increase the number tags populated for both MITRE and Confidence within the back catalog of sigs!

samjenk · April 21, 2023, 12:17pm

Glad to hear it, @rgonzalez, thanks!

Topic	Replies	Views
Confidence metadata tag and its impact & meaning Wiki	517	March 4, 2023
New metadata tag - reviewed_at Wiki	329	August 21, 2023
MITRE ATT&CK Additions/Modifications - A Community Discussion Feedback & Support feedback , community	263	June 23, 2024
The new compromised_website metadata tag Wiki	52	September 23, 2024
Signature Metadata Wiki	1281	October 17, 2022

Expanded Availability of Confidence Tag?

Related topics