View Threat Decision Parameters
If the Alert Profiler is enabled, threats are elevated to alerts based on whether those threats meet conditions in the Alert Profiler. Use the Decision Parameters tab to understand why a threat was or wasn't elevated to an alert. With this understanding, you can create or modify Alert Profiler rules to ensure that future threats are elevated (or not) as you expect.
This tab is available for the following alert types:
- Phishing Domains and Phishing Websites
- Exposed Services
- Bot Data for Sale
- Black Markets
To view decision parameters:
- From the Threat Command > Threats page, select a threat.
- Select the Decision Parameters tab.
The following figure shows a threat that was not elevated to an alert:
The left side of the page shows all rules against which this threat was tested. You can select a rule to see its conditions.
To see the full description of the Decision Parameters tab, see Decision Parameters.