Maltiverse Threat Intelligence Platform offers a powerful feature known as the Scoring Algorithm, which is available for Enterprise customers. This customizable, rule-based scoring algorithm is pivotal in evaluating and managing the threat intelligence data uploaded by the customer. A key component of this algorithm is the concept of “Affected Indicators,” which we will explore in this article.
Understanding “Affected Indicators”
“Affected Indicators” are the set of IoCs that match the query of a scoring rule. These IoCs are directly impacted by the actions defined in the rule’s action stack, and the set changes over time.
Visualization in Maltiverse
“Affected Indicators” are prominently displayed in two areas within the Maltiverse platform:
- Scoring Rule Dashboard:
  - In this table, each scoring rule is listed along with various details.
  - The “Affected Indicators” for each rule are shown as a count in a dedicated column.
  - This count gives a quick overview of how many IoCs are currently impacted by the rule.
- Individual Rule View:
  - Within each rule’s detailed view, there is a tab labeled “Affected IoCs.”
  - This tab not only displays the count of affected IoCs but also provides a browsable, paginated list of these IoCs.
  - Users can navigate through this list to examine each affected IoC in detail.
Interacting with Affected Indicators
- Analysis: Users can analyze the listed IoCs to understand why they were matched by the rule and the implications of the applied actions.
- Modification: Based on this analysis, users can modify the rule’s query or action stack to refine their threat intelligence process.
- Tracking Changes: Over time, as the threat landscape evolves, users can track how the number and nature of affected IoCs change in response to their rule adjustments.
The “Affected Indicators” feature in Maltiverse’s Scoring Algorithm is a crucial tool that helps users manage and refine their scoring rules effectively by providing a clear view of the IoCs impacted by specific rules and allowing for in-depth analysis and modification.