From 941dc2b54f08e481eb028edaaccc24d4e1b1000c Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Fri, 10 May 2024 15:44:44 +0100 Subject: [PATCH 1/3] Documents risk score recalculation when asset criticality is changed --- docs/advanced-entity-analytics/asset-criticality.asciidoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/advanced-entity-analytics/asset-criticality.asciidoc b/docs/advanced-entity-analytics/asset-criticality.asciidoc index e500a3da50..e577c44bad 100644 --- a/docs/advanced-entity-analytics/asset-criticality.asciidoc +++ b/docs/advanced-entity-analytics/asset-criticality.asciidoc @@ -23,6 +23,8 @@ You can assign one of the following asset criticality levels to your entities, b For example, you can assign **Extreme impact** to business-critical entities, or **Low impact** to entities that pose minimal risk to your security posture. +When you assign, change, or unassign an entity's asset criticality level, that entity's risk score is immediately recalculated. + [discrete] == View and assign asset criticality @@ -80,7 +82,7 @@ To import a file: NOTE: The file validation step highlights any lines that don't follow the required file structure. The asset criticality levels for those entities won't be assigned. We recommend that you fix any invalid lines and re-upload the file. . Click **Assign**. -This process overwrites any previously assigned asset criticality levels for the entities included in the imported file. The newly assigned or updated asset criticality levels are immediately visible within all asset criticality workflows and will impact entity risk scores during the next risk scoring calculation. +This process overwrites any previously assigned asset criticality levels for the entities included in the imported file. The newly assigned or updated asset criticality levels are immediately visible within all asset criticality workflows. [discrete] == Improve your security operations 
@@ -110,7 +112,5 @@ To view the impact of asset criticality on an entity's risk score, follow these . Click **View risk contributions** to open the flyout's left panel. . In the **Risk contributions** section, verify the entity's criticality level from the time the alert was generated. -NOTE: The risk summary and **Risk contributions** sections display an entity's asset criticality from the latest risk scoring execution. If you change the asset criticality level, subsequent risk calculations will automatically factor in the newest criticality level. - [role="screenshot"] image::images/asset-criticality-impact.png[View asset criticality impact on host risk score] From 1f07c7ed83a92008176bf1ff0064f97c8a60ce7b Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic Date: Fri, 10 May 2024 18:31:44 +0100 Subject: [PATCH 2/3] Corrects information about bulk assignment --- docs/advanced-entity-analytics/asset-criticality.asciidoc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/advanced-entity-analytics/asset-criticality.asciidoc b/docs/advanced-entity-analytics/asset-criticality.asciidoc index e577c44bad..598dd2886f 100644 --- a/docs/advanced-entity-analytics/asset-criticality.asciidoc +++ b/docs/advanced-entity-analytics/asset-criticality.asciidoc 
@@ -23,13 +23,15 @@ You can assign one of the following asset criticality levels to your entities, b For example, you can assign **Extreme impact** to business-critical entities, or **Low impact** to entities that pose minimal risk to your security posture. -When you assign, change, or unassign an entity's asset criticality level, that entity's risk score is immediately recalculated. - [discrete] == View and assign asset criticality Entities do not have a default asset criticality level. You can either assign asset criticality to your entities individually, or <> it to multiple entities by importing a text file. +When you assign, change, or unassign an individual entity's asset criticality level, that entity's risk score is immediately recalculated. + +NOTE: When bulk assigning asset criticality using the file import feature, risk scores are **not** immediately recalculated. The newly assigned or updated asset criticality levels will impact entity risk scores during the next hourly risk scoring calculation. + You can view, assign, change, or unassign asset criticality from the following places in the {elastic-sec} app: * The <> and <>: 
@@ -82,7 +84,7 @@ To import a file: NOTE: The file validation step highlights any lines that don't follow the required file structure. The asset criticality levels for those entities won't be assigned. We recommend that you fix any invalid lines and re-upload the file. . Click **Assign**. -This process overwrites any previously assigned asset criticality levels for the entities included in the imported file. The newly assigned or updated asset criticality levels are immediately visible within all asset criticality workflows. +This process overwrites any previously assigned asset criticality levels for the entities included in the imported file. The newly assigned or updated asset criticality levels are immediately visible within all asset criticality workflows and will impact entity risk scores during the next risk scoring calculation. [discrete] == Improve your security operations From e9f1dc611f6eda9dce0aaa90f0695f1c25b2e3c0 Mon Sep 17 00:00:00 2001 From: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> Date: Wed, 15 May 2024 16:01:44 +0100 Subject: [PATCH 3/3] Serverless PR feedback --- docs/advanced-entity-analytics/asset-criticality.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/advanced-entity-analytics/asset-criticality.asciidoc b/docs/advanced-entity-analytics/asset-criticality.asciidoc index 598dd2886f..40f52656e7 100644 --- a/docs/advanced-entity-analytics/asset-criticality.asciidoc +++ b/docs/advanced-entity-analytics/asset-criticality.asciidoc 
@@ -30,7 +30,7 @@ Entities do not have a default asset criticality level. You can either assign as When you assign, change, or unassign an individual entity's asset criticality level, that entity's risk score is immediately recalculated. -NOTE: When bulk assigning asset criticality using the file import feature, risk scores are **not** immediately recalculated. The newly assigned or updated asset criticality levels will impact entity risk scores during the next hourly risk scoring calculation. +NOTE: If you assign asset criticality using the file import feature, risk scores are **not** immediately recalculated. The newly assigned or updated asset criticality levels will impact entity risk scores during the next hourly risk scoring calculation. You can view, assign, change, or unassign asset criticality from the following places in the {elastic-sec} app:
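
Review bot: The sentence added in the first hunk of PATCH 1/3 (@@ -23,6 +23,8 @@) says the risk score is "immediately recalculated" with no qualifier, and the same commit strips the deferred-recalculation clause from the import paragraph (@@ -80,7 +82,7 @@), so at that commit the page implies file imports also trigger immediate recalculation. PATCH 2/3 reverses both statements. Squashing 1/3 and 2/3 would keep the incorrect intermediate state out of history and out of any backport that picks up only the first commit.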
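
Review bot: The NOTE deleted in the last hunk of PATCH 1/3 (@@ -110,7 +112,5 @@) is still accurate for entities updated through file import, because PATCH 2/3 states that imports are not recalculated until the next hourly run. Until that run, the risk summary and **Risk contributions** sections show the criticality from the previous scoring execution. Suggest keeping a narrowed version of the note, scoped to file imports, instead of removing it outright, so a reader following the "verify the entity's criticality level" step knows the displayed level can lag a recent import.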
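
Review bot: The sentence restored in the second hunk of PATCH 2/3 (@@ -82,7 +84,7 @@) says "during the next risk scoring calculation", while the NOTE added in the first hunk of the same patch says "during the next hourly risk scoring calculation". Use the same wording in both places, or replace the trailing clause in the import paragraph with a pointer back to the NOTE so the timing is stated once.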
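
Review bot: In PATCH 3/3 (@@ -30,7 +30,7 @@) the reworded NOTE opens with "If you assign asset criticality using the file import feature", but the import section says the import "overwrites any previously assigned asset criticality levels", and the NOTE's own second sentence says "newly assigned or updated". Suggest "If you assign or update asset criticality using the file import feature" so the first sentence also covers the overwrite case.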