Managing Hive-Cloud scores

Hive-Cloud is an integration between QRadar® EDR and third-party threat intelligence services. A Hive-Cloud score is the threat score assigned to a binary the first time it runs in your organization. Set Hive-Cloud score ranges to determine, from that score, whether a binary generates an alert and whether it is blocked from running.

Procedure

  1. Click Administration > Hive-Cloud Score.
  2. If you're in an MSSP environment, select the target clients or groups for your Hive-Cloud score ranges.

    If you select a client, all groups within the client inherit the Hive-Cloud score ranges.

  3. Set the Starting From values for alerts and for blocking.
    No Alert
    When a binary file runs with a score in the No Alert range, no alert is generated, and the file is not blocked from running.
    The No Alert range always starts at 0.
    Alert
    When a binary file runs with a score in the Alert range, an alert is generated, and the file is not blocked from running.
    The suggested Starting From value for the Alert range is 25 or 30.
    Block
    When a binary file runs with a score in the Block range, an alert is generated, and the file is blocked from running.
    The suggested Starting From value for the Block range is 90.
  4. Click Save Score Ranges.
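The following is an added example, not QRadar EDR code or an IBM API: it models the three-range verdict logic from step 3 (No Alert, Alert, Block, with No Alert fixed at 0) so that candidate Starting From values can be sanity-checked and compared against a set of first-seen scores before they are saved. The 0..100 scale, the ordering rules in `ScoreRanges`, and the sample score list are assumptions; the page states only that the No Alert range always starts at 0 and suggests 25 or 30 for Alert and 90 for Block.

```python
"""Model of the Hive-Cloud score ranges described above.

Added example, not IBM QRadar EDR code. It reproduces the No Alert / Alert /
Block verdict logic so candidate "Starting From" values can be checked and
compared against observed first-seen scores. The 0..100 scale and the
ordering checks in ScoreRanges are assumptions; the page states only that
the No Alert range always starts at 0.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

NO_ALERT = "No Alert"
ALERT = "Alert"
BLOCK = "Block"

MIN_SCORE = 0
MAX_SCORE = 100  # assumption: the page does not state the top of the scale


@dataclass(frozen=True)
class ScoreRanges:
    """The two configurable 'Starting From' values; No Alert always starts at 0."""
    alert_from: int
    block_from: int

    def __post_init__(self) -> None:
        # Assumed validity rules: every range is non-empty and in order
        # (No Alert below Alert below Block) within the 0..100 scale.
        if not MIN_SCORE < self.alert_from < self.block_from <= MAX_SCORE:
            raise ValueError(
                f"need 0 < alert_from ({self.alert_from}) < block_from "
                f"({self.block_from}) <= {MAX_SCORE}"
            )

    def classify(self, score: int) -> str:
        """Return the range a first-seen binary with this score falls into."""
        if not MIN_SCORE <= score <= MAX_SCORE:
            raise ValueError(f"score {score} outside {MIN_SCORE}..{MAX_SCORE}")
        if score >= self.block_from:
            return BLOCK
        if score >= self.alert_from:
            return ALERT
        return NO_ALERT

    def outcome(self, score: int) -> Tuple[bool, bool]:
        """(alert generated, execution blocked) for a binary with this score."""
        verdict = self.classify(score)
        return verdict != NO_ALERT, verdict == BLOCK


# Constructed sample of first-seen scores (not real Hive-Cloud data), used to
# see how many binaries each candidate setting would alert on or block.
SAMPLE_FIRST_SEEN_SCORES = [0, 3, 12, 24, 25, 29, 30, 48, 67, 89, 90, 97, 100]


def tally(ranges: ScoreRanges, scores: Iterable[int]) -> Dict[str, int]:
    """Count how many of the given scores land in each range."""
    counts = Counter(ranges.classify(s) for s in scores)
    return {verdict: counts.get(verdict, 0) for verdict in (NO_ALERT, ALERT, BLOCK)}


def compare_suggested(scores: Iterable[int]) -> Dict[int, Dict[str, int]]:
    """Tally the page's two suggested Alert starts (25 and 30) with Block at 90."""
    scores = list(scores)
    return {start: tally(ScoreRanges(alert_from=start, block_from=90), scores)
            for start in (25, 30)}


if __name__ == "__main__":
    for start, counts in compare_suggested(SAMPLE_FIRST_SEEN_SCORES).items():
        print(f"Alert from {start}, Block from 90: {counts}")
    # A Block start at or below the Alert start leaves no Alert range and is rejected.
    try:
        ScoreRanges(alert_from=90, block_from=25)
    except ValueError as err:
        print("rejected:", err)
```

Replace `SAMPLE_FIRST_SEEN_SCORES` with scores exported from your own environment to see how many first-seen binaries a given Block start would actually stop from running; because a Block verdict both alerts and blocks, the cost of setting it too low is blocked legitimate software, whereas a low Alert start only adds alert volume.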