Understanding Verdict Generation
The Generate Verdict step in the Determination phase uses Hero AI to analyze the signal and produce a verdict.

Verdict Inputs

The verdict generation uses:

- Signal tracking ID
- Signal data (observables, severity, source, etc.)
- Threat intelligence enrichment results
- Knowledge base articles linked to the signal
- Similar signals and their verdicts
- Investigation comments and summaries

Verdict Outputs

After running the verdict step, you'll see:

Final AI verdict:

- Malicious: confirmed threat requiring response
- Suspicious: needs further investigation
- Benign: false positive, no threat
- Unknown: insufficient data to determine

Verdict analysis:

- Narrative explanation of the verdict
- Confidence score (0-10 scale)
- Summary of key factors
- Improvement guidance (what data would increase confidence)

Threat intelligence analysis:

- TI verdict and confidence
- Summary of TI findings
- Improvement guidance

MITRE ATT&CK context:

- Mapped techniques and tactics

D3FEND guidance:

- Considerations and recommendations

Overall confidence score:

- Combined confidence from all analysis factors

Using Verdict Results

Review the verdict:

- Check the confidence score: higher confidence (8-10) indicates strong agreement across factors
- Read the analysis narrative to understand the reasoning
- Review improvement guidance if confidence is low

Compare with manual assessment:

- If you disagree with the AI verdict, set a manual verdict
- Add investigation comments explaining your reasoning
- This helps improve future AI analysis

Take action:

- Malicious verdicts: escalate to case and generate remediation plan
- Suspicious verdicts: continue investigation or escalate if high risk
- Benign verdicts: resolve the signal and document as false positive
- Unknown verdicts: gather more evidence and re-run analysis