...

Alternatively, if you would like to set your own risk score for your alerts on a scale from 0 to 100, you can add the risk score as a value directly in the alert LINQ, as in the example below:

select 50 as risk

If an alert has no risk score associated with it, a default risk score of 35 is used, provided an entity is mapped within the alert. The entity mapping at the bottom of the page must be present in order to make use of the default risk score.

If no values for technique ID, risk, or entity are listed in the alert, the alert will be ignored by the risk calculation process.

If you want to exclude an alert from the risk calculation because it alerts on data from the entity.behavior.risk.events table, add [select "Risk" as alertType] to the alert and it will be excluded. The "Risk" alert type avoids positive feedback loops of entity risk over time:

...