MDCA improvement #45

piaudonn · 2023-09-10T18:16:58Z

Added additional checks:

Check if the user's score is trending up (adding a function data.py to calculate the slope)
Check if the user is in the top 10 score on the tenant (or top X provided as TopUserThreshold input to the module)
Retrieve the user's last score ranking percentile

Those are done for each user and then summarized in the following global properties in the returned mdca_object:

HighestScorePercentile - the highest latest percentile
TopUserThresholdCount - return how many users in the incidents are in the top 10 (or top X)
AnyThreatScoreTrendingUp - return if any user's score is trending up

Fixes #44

piaudonn · 2023-09-10T18:17:08Z

@briandelmsft what do you think?

piaudonn added 2 commits September 10, 2023 14:10

New version for MDCA

3dd2a7d

Default top threshold to 10

d5fc301

piaudonn added enhancement New feature or request MDCA Module labels Sep 10, 2023

piaudonn mentioned this pull request Sep 11, 2023

STAT v2 - Migrate MDCA Module briandelmsft/SentinelAutomationModules#408

Closed

9 tasks

piaudonn added 4 commits September 29, 2023 09:41

Remove scipy dependencies

51b2eb6

Fix col for slope calc

34ed6c3

Update mdca.py

e4fdc66

Update version.json

c8d828a

piaudonn marked this pull request as ready for review September 29, 2023 23:52

piaudonn mentioned this pull request Sep 30, 2023

Update connector.json briandelmsft/SentinelAutomationModules#435

Merged

briandelmsft approved these changes Oct 2, 2023

View reviewed changes

briandelmsft merged commit f02a8ca into main Oct 2, 2023
1 check passed

briandelmsft deleted the mdca_adv branch October 2, 2023 13:18

Provide feedback