The Matrix
The scoring piece of FIDO is where customization can be done to fit each company's needs. Scoring is broken down into the following silos:
- Threat Feeds
- Other Detectors
- Historical Information
- User/Machine Previous Alerted
- Machine Posture
- User Posture
- Asset Value
The customizations done in the scoring engine are entirely dependent on the environment and the data sources available where FIDO runs. Each of the categories above should be treated as a silo that is scored separately and then aggregated into the machine, user, threat and total scores. Viewed top-down, each silo is assigned a weight that sets what percentage of the machine, user, threat and total scores it contributes. Then, inside each silo, the individual returns (each feed, detector or lookup result) are scored and can be weighted further against one another. Please use the following image as an example of this.
Therefore, if you are a PCI-affected company, you might raise the weight of the asset value silo so that alerts on systems in a PCI zone contribute more to the total score. Likewise, if you have multiple threat feeds available, you might weight the data they provide higher, and weight the more reliable feeds higher than the rest inside the threat feed silo.
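The two-level weighting described above, as an added worked example: this is illustrative Python written for this page, not FIDO's own scoring engine (FIDO itself is a C# project), and the silo scores, weight profiles and the "PCI" profile are constructed assumptions. Inside each silo, the returns are combined as a weighted mean and clamped to 0-100; each silo then contributes a fixed fraction of the machine, user, threat and total scores, and the fractions for each output score are checked to sum to 1 so a misconfigured profile fails loudly instead of quietly inflating or deflating alerts.

```python
"""Added example of FIDO-style silo scoring (not FIDO's own code)."""
from dataclasses import dataclass

# Silo names, as listed on the page (identifiers chosen here).
SILOS = ("threat_feeds", "other_detectors", "historical", "previously_alerted",
         "machine_posture", "user_posture", "asset_value")


@dataclass
class Return:
    """One return inside a silo: a normalized 0-100 score and an intra-silo weight."""
    score: float
    weight: float = 1.0


def score_silo(returns):
    """Weighted mean of the returns in one silo, clamped to 0-100. An empty silo scores 0."""
    total_weight = sum(r.weight for r in returns)
    if total_weight <= 0:
        return 0.0
    raw = sum(r.score * r.weight for r in returns) / total_weight
    return max(0.0, min(100.0, raw))


def validate_profile(profile):
    """Every output score's silo fractions must sum to 1 and name known silos."""
    for category, fractions in profile.items():
        unknown = set(fractions) - set(SILOS)
        if unknown:
            raise ValueError(f"{category}: unknown silos {sorted(unknown)}")
        total = sum(fractions.values())
        if abs(total - 1.0) > 1e-6:
            raise ValueError(f"{category}: fractions sum to {total}, expected 1.0")


def score_alert(silo_returns, profile):
    """Score each silo, then aggregate into the profile's output scores (machine/user/threat/total)."""
    validate_profile(profile)
    silo_scores = {name: score_silo(silo_returns.get(name, [])) for name in SILOS}
    return {category: sum(silo_scores[s] * f for s, f in fractions.items())
            for category, fractions in profile.items()}


# Constructed returns for one alert: two threat feeds (the first trusted twice as much),
# a host in a PCI zone (asset value 100), no prior alerts on this user/machine.
SAMPLE_ALERT = {
    "threat_feeds": [Return(90, weight=2.0), Return(60, weight=1.0)],   # -> 80
    "other_detectors": [Return(50)],
    "historical": [Return(20)],
    "previously_alerted": [Return(0)],
    "machine_posture": [Return(70)],
    "user_posture": [Return(30)],
    "asset_value": [Return(100)],
}

# Constructed default profile: asset value is a minor part of the total score.
DEFAULT_PROFILE = {
    "threat": {"threat_feeds": 0.6, "other_detectors": 0.4},
    "machine": {"machine_posture": 0.6, "historical": 0.2, "previously_alerted": 0.2},
    "user": {"user_posture": 0.7, "previously_alerted": 0.3},
    "total": {"threat_feeds": 0.3, "other_detectors": 0.15, "historical": 0.1,
              "previously_alerted": 0.05, "machine_posture": 0.15,
              "user_posture": 0.15, "asset_value": 0.1},
}

# Constructed PCI profile: same per-score weights, but asset value carries 30% of the total.
PCI_PROFILE = dict(DEFAULT_PROFILE)
PCI_PROFILE["total"] = {"asset_value": 0.3, "threat_feeds": 0.25, "other_detectors": 0.1,
                        "historical": 0.05, "previously_alerted": 0.05,
                        "machine_posture": 0.15, "user_posture": 0.1}


if __name__ == "__main__":
    for name, profile in (("default", DEFAULT_PROFILE), ("pci", PCI_PROFILE)):
        scores = score_alert(SAMPLE_ALERT, profile)
        print(name, {k: round(v, 1) for k, v in scores.items()})
```

Running it shows the same alert totalling 58.5 under the default profile and 69.5 under the PCI profile; the threat, machine and user scores are unchanged because only the total's fractions differ. A silo with no data (for example no threat feed hit) scores 0 and so only ever lowers the aggregate, which is the intended behaviour for missing evidence; if you would rather renormalize over the silos that did return data, that is a deliberate policy choice to make in `score_alert`, not an accident of the arithmetic.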