contentctl icon indicating copy to clipboard operation
contentctl copied to clipboard

Published 20 hours ago verified publisher icon splunk

improve output of risk severity field.

Open pyth0n1c opened this issue 1 year ago • 1 comments

it is now calculated using the risk score.

Note that we may apply this to confidence field as well after discussion

pyth0n1c avatar Jul 15 '24 23:07 pyth0n1c

Does this code require the risk_score to be present in the yaml since we are trying to remove risk_score and convert it into a computed field as per this security content PR : https://github.com/splunk/security_content/pull/3062

patel-bhavin avatar Jul 31 '24 23:07 patel-bhavin

Does this code require the risk_score to be present in the yaml since we are trying to remove risk_score and convert it into a computed field as per this security content PR : splunk/security_content#3062

No, it does not require it to be present. It USES the risk_score value, but that is a computed_field that is determined at runtime from confidence and impact.

pyth0n1c avatar Aug 20 '24 22:08 pyth0n1c

Merging this PR to the release branch. As that branch has many related changes, they will all be evaluated and merged to main at the same time.

pyth0n1c avatar Aug 30 '24 19:08 pyth0n1c