Entity risk scoring prerequisites

Requirements for using entity risk scoring and asset criticality.

To use entity risk scoring and asset criticality, you need the appropriate user roles. These features require the Security Analytics Complete project feature.

This page covers the requirements for using the entity risk scoring and asset criticality features, as well as their known limitations.

Entity risk scoring

User roles

To turn on the risk scoring engine, you need one of the following Security user roles:

  • Platform engineer
  • Detections admin
  • Admin

Known limitations

  • The risk scoring engine uses an internal user role to score all hosts and users. After you turn on the risk scoring engine, all alerts in the project will contribute to host and user risk scores.
  • You cannot customize alert data views or risk weights associated with alerts and asset criticality levels.

Asset criticality

To use the asset criticality feature, turn on the securitySolution:enableAssetCriticality advanced setting.

User roles

The following Security user roles allow you to view an entity's asset criticality:

  • Viewer
  • Tier 1 analyst

The following Security user roles allow you to view, assign, change, or unassign an entity's asset criticality:

  • Editor
  • Tier 2 analyst
  • Tier 3 analyst
  • Threat intelligence analyst
  • Rule author
  • SOC manager
  • Endpoint operations analyst
  • Platform engineer
  • Detections admin
  • Endpoint policy manager