Hive-Cloud is an integration between QRadar® EDR and third-party threat intelligence services. A Hive-Cloud score is the threat score that is associated with a binary the first time it is run in your organization. Set Hive-Cloud score ranges to determine whether a binary generates an alert, and whether it is blocked from running.
Procedure
- Click
.
- If you're in an MSSP environment, select the target clients or groups for your Hive-Cloud score ranges.
  If you select a client, all groups within the client inherit the Hive-Cloud score ranges.
- Set the Starting From values for alerts and for blocking.
  - No Alert
    - When a binary file runs with a score in the No Alert range, no alert is generated, and the file is not blocked from running.
    - The No Alert range always starts at 0.
  - Alert
    - When a binary file runs with a score in the Alert range, an alert is generated, and the file is not blocked from running.
    - The suggested Starting From value for the Alert range is 25 or 30.
  - Block
    - When a binary file runs with a score in the Block range, an alert is generated, and the file is blocked from running.
    - The suggested Starting From value for the Block range is 90.
- Click Save Score Ranges.
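Before saving new ranges, it can help to estimate how many first-run binaries each candidate setting would alert on or block. The following is an added example, not part of the product or its documentation; the function names and sample scores are constructed, and it assumes that each range includes its own Starting From value.

```python
from bisect import bisect_right
from collections import Counter

RANGES = ("No Alert", "Alert", "Block")


def classify(score, alert_from, block_from):
    """Return the range a score falls in.

    Assumption: a range includes its Starting From value. The No Alert
    range always starts at 0, as the procedure states.
    """
    if not 0 < alert_from < block_from:
        raise ValueError("need 0 < alert_from < block_from")
    if score < 0:
        raise ValueError("score must be >= 0")
    # Count how many Starting From values the score has reached.
    return RANGES[bisect_right([alert_from, block_from], score)]


def what_if(scores, alert_from, block_from):
    """Tally how many first-run binaries land in each range."""
    tally = Counter({name: 0 for name in RANGES})
    tally.update(classify(s, alert_from, block_from) for s in scores)
    return dict(tally)


# Constructed sample: scores of binaries seen running for the first time.
SAMPLE_SCORES = [0, 3, 12, 24, 25, 27, 29, 30, 41, 66, 89, 90, 97]

if __name__ == "__main__":
    # Compare the two suggested Alert starting values with Block at 90.
    for alert_from in (25, 30):
        print(alert_from, what_if(SAMPLE_SCORES, alert_from, 90))
```

On this sample, moving the Alert start from 30 down to 25 adds three alerts and leaves the number of blocked binaries unchanged.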