You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: crowdsec-docs/docs/log_processor/scenarios/format.md
+8-2Lines changed: 8 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -488,8 +488,14 @@ The chance between 0 and 3 that the attacker behind the attack can spoof its ori
488
488
#### `confidence`
489
489
>type: int [0-3]
490
490
491
-
The confidence note between 0 and 3 that the scenario will not trigger false positive.
492
-
0 means no confidence and 3 means high confident.
491
+
The confidence score ranges from 0 to 3, indicating the likelihood that the scenario will not produce a false positive.
492
+
493
+
A lower score suggests that the action might not be malicious, while a higher score indicates higher confidence that the scenario identified malicious behavior.
494
+
495
+
- `0`: The scenario is likely to produce false positives, so it is not reliable for identifying malicious behavior.
496
+
- `1`: The scenario may produce false positives and is not highly reliable for identifying malicious behavior.
497
+
- `2`: The scenario is reliable and unlikely to produce false positives. It can be used to identify malicious behavior.
498
+
- `3`: The scenario is highly reliable and will not produce false positives. It is trustworthy for identifying malicious behavior.
0 commit comments