Need a better understanding of what the importance level and confidence level in CloudSOC Detect are, and how they are important.
You can configure both the importance level and a confidence level that determines how much certainty you require to declare an incident.
The greater the confidence setting, the more comprehensive a user profile must be before declaring that an incident falls outside the bounds of normal behavior.
For example, setting confidence to 90% means that the detector does not fire unless the user’s profile has enough data for Detect to tell the difference between normal and abnormal behavior with 90% certainty.
An important tradeoff inherent in this method is that a larger confidence value requires a longer training period to achieve the required certainty.
The importance and confidence settings influence detectors very differently: high confidence with low importance means something very different from low confidence with high importance.
Consider the three examples described below.
For additional details see Detect Tech Doc:
https://techdocs.broadcom.com/us/en/symantec-security-software/information-security/symantec-cloudsoc/cloud/detect-home/understanding-importance-and-confidence.html