To use entity risk scoring, you need the appropriate user role. Entity risk scoring requires the Security Analytics Complete project feature.
This page covers the requirements for using the entity risk scoring feature, as well as its known limitations.
To turn on the risk scoring engine, you need one of the following Security user roles:
- Platform engineer
- Detections admin
The risk scoring engine uses an internal user role to score all hosts and users, and doesn't respect privileges applied to custom users or roles. After you turn on the risk scoring engine, all alerts in the project will contribute to host and user risk scores.
On this page