[Internal]: Clarify in Entity Risk Scoring docs risk score alert enrichment behavior #4468

@jaredburgettelastic

Description

There is already a note in the "Asset Criticality" section of the entity risk scoring docs that describes the alert enrichment behavior:

Image

However, we should also note that the entity risk fields behave in nearly the same way.

Suggested text, to be placed in the same note: (please feel free to change as desired, new text in bold):

Entity risk fields on alert documents denote the risk at the time the alert was generated, not necessarily the current risk. Additionally, if you change the entity’s criticality level after an alert is generated, that alert document will include the original criticality level and will not reflect the new criticality level.

Resources

N/A

Which documentation set does this change impact?

Elastic On-Prem and Cloud (all)

Feature differences

N/A

What release is this request related to?

N/A

Serverless release

N/A

Collaboration model

The documentation team

Point of contact.

Main contact: @jaredburgettelastic
Docs contact: @natasha-moore-elastic
Stakeholders: @erikh-elastic

Metadata

Labels

Team:Experience (Issues owned by the Experience Docs Team)
