AnsweredAssumed Answered

Clarification of risk scores in NW Endpoint vs ECAT

Question asked by Jeremy Kerwin on Jul 26, 2020

Am I correct in the following assumption. In ECAT, when files or processes were whitelisted the risk score would lower automatically, but I've noticed that doesn't occur in NetWitness Endpoint.

 

Is the process that once you've assessed a host, done triage, whitelisted safe processes etc, you have to reset the risk score in order for the score to be lowered?

 

Does that also apply for the alerts that are generated for a host as well?

Outcomes