How to determine the overall rating of an alert via the database

Article ID: 393404

Products

Endpoint Protection

Issue/Introduction

How to determine the overall rating of an alert via the database.
The following information is provided for custom reporting, to help map the overall risk data via the database.

Resolution

The VIRUS table has an "OVERALL" column whose values map to the following overall rating:
0 = None
1 or 2 = Low
3 = Medium
Others = High

How is the OVERALL calculated?
The value for the OVERALL column is the average of these four ratings in the VIRUS table:
STEALTH
REMOVAL
PERFORMANCE
PRIVACY

But if any of these ratings are unknown, then the OVERALL is set to -1 (not provided).

If the value in the table is -1 (not provided), we set the overall rating depending on the type:
Rating is 5 (High) for:
– SPYWARE
– ADWARE 
– DIALERS 
– REMOTE_ACCESS 
– HACKER_TOOLS
Rating is 3 (Medium) for other types.

The VIRUS table is mapped to the computer through the alert.
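
The rules above, written as one SQL CASE expression for a custom report. This is an added example, not code from the product or the original article. It runs against an in-memory SQLite stand-in for the VIRUS table so it can be tried offline. The ID and THREAT_TYPE columns, the text encoding of the type, and the "OTHER" type value are assumptions; only the OVERALL column and the rating rules come from the article.

```python
import sqlite3

# Types the article rates High (5) when OVERALL is -1 (not provided).
HIGH_TYPES = ("SPYWARE", "ADWARE", "DIALERS", "REMOTE_ACCESS", "HACKER_TOOLS")

# Assumption: THREAT_TYPE is a hypothetical column holding the type as text;
# the article does not say how the type is stored in the VIRUS table.
RATING_QUERY = """
SELECT ID,
       CASE
           WHEN EFFECTIVE = 0 THEN 'None'
           WHEN EFFECTIVE IN (1, 2) THEN 'Low'
           WHEN EFFECTIVE = 3 THEN 'Medium'
           ELSE 'High'
       END AS OVERALL_RATING
FROM (
    -- Resolve -1 (not provided) to 5 or 3 by type before labelling.
    SELECT ID,
           CASE
               WHEN OVERALL <> -1 THEN OVERALL
               WHEN THREAT_TYPE IN ({placeholders}) THEN 5
               ELSE 3
           END AS EFFECTIVE
    FROM VIRUS
) AS resolved
ORDER BY ID
""".format(placeholders=", ".join("?" for _ in HIGH_TYPES))

# Constructed sample rows: (ID, THREAT_TYPE, OVERALL). Not real data.
SAMPLE_ROWS = [
    (1, "OTHER", 0), (2, "OTHER", 2), (3, "OTHER", 3),
    (4, "OTHER", 4), (5, "ADWARE", -1), (6, "OTHER", -1),
]

def rate_sample(rows=SAMPLE_ROWS):
    """Load rows into an in-memory stand-in for VIRUS and return {ID: rating}."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute("CREATE TABLE VIRUS "
                     "(ID INTEGER PRIMARY KEY, THREAT_TYPE TEXT, OVERALL INTEGER)")
        conn.executemany("INSERT INTO VIRUS VALUES (?, ?, ?)", rows)
        return dict(conn.execute(RATING_QUERY, HIGH_TYPES).fetchall())
    finally:
        conn.close()

if __name__ == "__main__":
    for virus_id, rating in rate_sample().items():
        print(virus_id, rating)
```

Applying the -1 fallback in an inner query before the label mapping keeps a "not provided" row from being labelled High by the "Others" branch.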