This page describes Global Intelligence for Security Insights, implemented in CSE as Global Confidence scores. This feature helps security analysts triage and prioritize Insights.
What is a Global Confidence score?
An Insight’s Global Confidence score represents a level of confidence, predicted by Sumo Logic’s Global Intelligence machine learning model, that the Insight is actionable.
The score is generated based on the underlying pattern of Signals in an Insight. The model compares this pattern to previously observed patterns from Insights that were closed with either a False Positive or Resolved resolution. The model does such comparisons broadly—across the global installed base of Cloud SIEM Enterprise customers—so it can generate a Confidence score based on the patterns seen at one customer when they are encountered at another customer. In addition to leveraging the patterns discovered across the CSE installed base, the model customizes scores for Insights in your account based on your customized content, including tuned and custom rules.
The score is on a scale of 0 to 100. A higher score indicates higher confidence that the Insight is actionable. If the model does not have enough information, it will not make a prediction and no score will be listed (you’ll see either “No prediction” or “N/A”).
Prerequisites for using Global Confidence scores
The only prerequisite for taking full advantage of Confidence scores is to make sure your content is available to Sumo Logic’s machine learning model. If you don't close Insights with an appropriate resolution, the model won’t be able to consider your content and may not be able to generate Global Confidence scores for your Insights. To take full advantage of this feature, make sure you close your Insights as False Positive or Resolved.
Using Global Confidence scores
The Global Confidence score is a valuable data point to consider when prioritizing which Insights to triage first.
An Insight’s Confidence score is shown for each Insight on the Insights list page. You can sort the Insight list by the Global Confidence score, as well as by Severity.