LikelihoodAdjustment(mapping=None, *, ignore_unknown_fields=False, **kwargs)Message for specifying an adjustment to the likelihood of a finding as part of a detection rule.
Attributes |
|
|---|---|
| Name | Description |
fixed_likelihood |
Set the likelihood of a finding to a fixed value. |
relative_likelihood |
int
Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be POSSIBLE
without the detection rule and relative_likelihood is 1,
then it is upgraded to LIKELY, while a value of -1 would
downgrade it to UNLIKELY. Likelihood may never drop
below VERY_UNLIKELY or exceed VERY_LIKELY, so
applying an adjustment of 1 followed by an adjustment of -1
when base likelihood is VERY_LIKELY will result in a
final likelihood of LIKELY.
|