6.4 Alert Scoring

TBAML provides a mechanism to compute a score for events to provide an initial prioritization. The score is an integer and will be bounded by a configurable minimum and maximum value.

This module has two different strategies for computing the event's score. All strategies are based on the score of the event's matches. The strategies are:

• Max Match Score: The score of the event equals the event's highest scoring match.
• Average Match Score: The score of the event equals the average of its matches score.

Refer to the Administration Tools User Guide for more information