[Internal]: Documentation request for using Privileged Users as an input to Risk Scoring #3905

@tiansivive

Description

We're adding a new modifier to Risk Scoring which takes into account whether a user entity is being tracked as a Privileged User.
On calculating an entity's risk score, we first calculate a sum based on aggregated alerts for said entity. In a subsequent phase, we apply Bayesian updates, with modifiers based on different criteria such as Asset Criticality and now Privileged User status.

When

9.3 for Milestone 1

Why

A "privileged user status" is an inherently risky attribute for a user to have as such users naturally have access to more mission-critical systems within an organisation.
This must be factored in to provide more accurate monitoring of an Entity's risk score.

Resources

Epic with Acceptance Criteria
PR - Another will follow for UI changes

Which documentation set does this change impact?

Elastic On-Prem and Cloud (all)

Feature differences

No difference between deployments

What release is this request related to?

N/A

Serverless release

Undefined

Collaboration model

The documentation team

Point of contact.

Main contact: @tiansivive

Stakeholders:
@jaredburgettelastic

Metadata

Labels

Team:Experience (Issues owned by the Experience Docs Team)
