I developed a search that is supposed to alert when a USB device and an executable are activated, in order to see whether any malicious files are being uploaded onto a computer, based on hostname.
My issue is: when I developed the search and added it to triggered events, I chose the severity as High. But when the event is triggered on Incident Review, it shows the severity as Low. On the Risk Analysis dashboard, it shows the searches as "adhoc unknown".
First off, can someone explain what AD HOC is?
Then, has anyone had an issue with the priority and severity conflicting each other resulting in giving the events a lower rating than anticipated?
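As an added illustration (not part of the question above, and not the poster's own configuration), this is the shape of a Splunk Enterprise Security correlation search stanza in `savedsearches.conf` that assigns a severity to the notable event it creates. The stanza name, the `usb_exec_launch` macro and the field names are hypothetical placeholders; the `action.notable.param.*` keys are the standard ES notable-action settings.

```ini
# Hypothetical correlation search: fires when an executable is launched from a USB-backed path
[Hypothetical - USB Executable Launch - Rule]
search = `usb_exec_launch` | stats count by dest, file_name
disabled = 0
cron_schedule = */5 * * * *

# Create a notable event and set its severity.
# This is the "severity" field on the notable, which is what the
# correlation search editor exposes as the Severity dropdown.
action.notable = 1
action.notable.param.severity = high
action.notable.param.rule_title = Executable launched from USB on $dest$
action.notable.param.security_domain = endpoint
```

The practical check for the behaviour described in the question: the column shown on Incident Review is Urgency, not Severity. ES derives urgency by combining the notable's severity with the priority of the matched asset or identity (the `dest` host here) through the urgency lookup. A host that is absent from the asset lookup carries an unknown priority, which pulls the computed urgency down even when the correlation search severity is High. Confirm that the hostname the search emits in `dest` matches an entry in the asset list with the priority you expect, and compare that against the urgency lookup table before concluding that the severity setting itself was ignored.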