InQuest FDR continuously extracts artifacts, processes files through its DFI engine, and provides file-related artifacts to optional third-party / in-cloud services, ultimately producing a single, all-encompassing threat or data-loss score per artifact. Scores are based on both confidence and severity, where severity ranges from 0 to 10, with 10 being the most severe.
Analysts will often want discrete knowledge of what drives a given IQScore. InQuest FDR produces a "receipt" that chronicles contributing factors for at-a-glance insight.
IQScore Algorithm Updates
The InQuest FDR scoring algorithm (which generates threat or data-loss scores ranging from 0 to 10) is updated regularly. Updates take into consideration additions, removals, and changes to all available inputs, which may include optional reputation feed integrations, InQuest Threat Exchange data, models, heuristic extractors, multi-AV provider findings, and sandbox solution findings.