Enrichment¶

Summary¶

One part that consumes lots of security analyst’ time is to bring more information about atomic alerts. DTonomy’s built in integrations with different data sources enable you to quickly enrich your alerts with extra information that can help you determine right actions for your security alerts.

Alert Score¶

DTonomy AIR assignes score for each ingested alert. The score can be either assigned manually by the user or it can be determined by the DTonomy AI The score is a decimal number btween 0 and 1 with 1 to be most likely positve alarm that need to be investigated immediately, and 0 to be likely false alarm which can be processes with lower priority or ignored.

Manually assign alert score¶

DTonomy workflow user can assign the alert score manually when upload alerts to the DTonomy platform. The user can set msg.score in a function node right before using the advanced data upload node. DTonomy AIR will set the alert score to be this msg.score value

Automatically assign alert score¶

If a user does not set the alert score manually during the alert upload, the DTonomy AI will kick in to decide the score of each alert uploaded. Based on the alert context, the DTonomy AI engine will select the risk model that most fit the alert and give an accurate prediction of the alert score.