Triage Squid Alerts Using Typosquatting Algorithm

Triage Squid Events

Security event triage rules determine which events require further follow-up and which events can be archived without further investigation. HCP processes many events every day, so effective triage helps analysts focus on the most important events.

The two components of security event triage are:
  • Determine if the event is an alert.
  • If the event is an alert, assign a score. If the event is not an alert, it is not scored.
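The two components can be sketched as follows. This is an added example, not HCP code: a simple edit-distance-one check stands in for the typosquatting algorithm named in the title. The watchlist, the score value, the event field names and the sample events are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions (not from the page): watchlist, score value, event field names.
PROTECTED = ("github.com", "paypal.com")
TYPOSQUAT_SCORE = 50

# Constructed sample events, shaped like parsed Squid access-log records.
EVENTS = [
    {"ip_src_addr": "10.0.0.5", "method": "GET", "url": "http://github.com/apache"},
    {"ip_src_addr": "10.0.0.7", "method": "CONNECT", "url": "gihtub.com:443"},
    {"ip_src_addr": "10.0.0.9", "method": "GET", "url": "http://login.paypa1.com/"},
    {"ip_src_addr": "10.0.0.9", "method": "GET", "url": "http://example.org/"},
]


def near_miss(a, b):
    """True if a != b and a single substitution, insertion, deletion or
    adjacent transposition turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        d = [i for i in range(len(a)) if a[i] != b[i]]
        return len(d) == 1 or (len(d) == 2 and d[1] == d[0] + 1
                               and a[d[0]] == b[d[1]] and a[d[1]] == b[d[0]])
    short, long_ = sorted((a, b), key=len)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def base_domain(url):
    """Last two labels of the host; CONNECT lines carry host:port, no scheme."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def triage(event):
    """Component 1: is the event an alert? Component 2: score alerts only."""
    domain = base_domain(event["url"])
    hit = next((p for p in PROTECTED if near_miss(domain, p)), None)
    result = dict(event, domain=domain, is_alert=hit is not None)
    if hit is not None:
        result.update(lookalike_of=hit, score=TYPOSQUAT_SCORE)
    return result


if __name__ == "__main__":
    for e in EVENTS:
        print(triage(e))
```

Taking the last two labels as the base domain is a simplification that ignores multi-label public suffixes such as `co.uk`.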