The basic formula elements each return a positive numeric value or zero. Individual element values can be configured by changing the Value attribute associated with the XML element for each condition.
Some of the elements are predicates that test a specific condition. If the condition for a specific element is satisfied, these elements return a positive value; otherwise, the element returns zero.
Predicate elements can also be negated using the Negated attribute. In that case, they return a specified value if the condition is not satisfied, and zero if the condition is satisfied.
|
Prioritization Element |
Description |
|---|---|
|
HasOpenPort |
Takes a non-zero value if the target asset has a particular port open. |
|
HasVulnerability |
Takes a non-zero value if the target asset is vulnerable to the attack captured by the alert under consideration. |
|
HasVulnerabilityMapping |
Takes a non-zero value if the signature of the context event has not been mapped to a vulnerability. |
|
HasValue |
Takes a non-zero value if the specified event attribute has a value. |
|
InActiveList |
Takes a non-zero value if the target address belongs to one of the active lists whose URI is provided in the formula. |
|
Constant |
Evaluates to a constant non-zero value. It does not rely on event-specific conditions or any other variable; it remains constant, as the name implies. |