Class LikelihoodAdjustment (3.4.0)

LikelihoodAdjustment(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Message for specifying an adjustment to the likelihood of a finding as part of a detection rule.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

Set the likelihood of a finding to a fixed value. This field is a member of oneof_ adjustment.
relative_likelihood int
Increase or decrease the likelihood by the specified number of levels. For example, if a finding would be POSSIBLE without the detection rule and relative_likelihood is 1, then it is upgraded to LIKELY, while a value of -1 would downgrade it to UNLIKELY. Likelihood may never drop below VERY_UNLIKELY or exceed VERY_LIKELY, so applying an adjustment of 1 followed by an adjustment of -1 when base likelihood is VERY_LIKELY will result in a final likelihood of LIKELY. This field is a member of oneof_ adjustment.