Prioritizing Threat Intelligence
Not all threat intelligence indicators are equal. Some require immediate response, while others can be addressed as time and availability permit. As a result, you must triage and rank threats by severity.
In HCP, you assign severity by associating possibly complex conditions with numeric scores. Then, for each message, you use a configurable aggregation function to evaluate the set of conditions and to aggregate the set of numbers for matching conditions. This aggregated score is added to the message in the
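
The scoring model described above, sketched as an added Python example (not HCP code and not HCP configuration syntax). The rule names, message fields, scores, aggregator set, and the `triage_score` output field are all assumptions made for illustration.

```python
# Added illustration: condition -> score rules plus a configurable aggregator.
# Rule names, fields, scores and the output field name are hypothetical.
from ipaddress import ip_address, ip_network
from statistics import mean

INTERNAL = ip_network("10.0.0.0/8")

# Each rule pairs a condition (possibly compound) with a numeric score.
RULES = [
    ("threat-intel hit", lambda m: m.get("is_alert") is True, 10),
    ("external source hitting internal host",
     lambda m: m.get("is_alert") is True
     and ip_address(m["ip_dst_addr"]) in INTERNAL
     and ip_address(m["ip_src_addr"]) not in INTERNAL, 50),
    ("destination is a high-value server",
     lambda m: m.get("ip_dst_addr") in {"10.0.5.10"}, 30),
]

# The aggregator decides how the scores of all matching rules are combined.
AGGREGATORS = {
    "MAX": lambda s: max(s, default=0),
    "SUM": sum,
    "MEAN": lambda s: mean(s) if s else 0,
}

def triage(message, rules=RULES, aggregator="MAX"):
    """Return a copy of message with the aggregated score and matched rule names."""
    matched = [(name, score) for name, cond, score in rules if cond(message)]
    out = dict(message)
    out["triage_score"] = AGGREGATORS[aggregator]([s for _, s in matched])
    out["triage_rules"] = [name for name, _ in matched]
    return out

# Constructed sample messages (documentation address ranges).
SAMPLES = [
    {"ip_src_addr": "203.0.113.7", "ip_dst_addr": "10.0.5.10", "is_alert": True},
    {"ip_src_addr": "10.0.1.4", "ip_dst_addr": "198.51.100.9", "is_alert": True},
    {"ip_src_addr": "10.0.1.4", "ip_dst_addr": "10.0.2.8", "is_alert": False},
]

def ranked(aggregator):
    """Score every sample and sort highest severity first."""
    return sorted((triage(m, aggregator=aggregator) for m in SAMPLES),
                  key=lambda m: m["triage_score"], reverse=True)

if __name__ == "__main__":
    for agg in AGGREGATORS:
        print(agg, [(m["ip_dst_addr"], m["triage_score"]) for m in ranked(agg)])
```

The first sample matches all three rules, so its score depends on the aggregator chosen: the highest single rule, the total, or the average.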