The Calibration Score in Seculyze is designed to give you a clear and actionable overview of how well your Microsoft Sentinel environment is configured - and how much potential remains to improve it. Inspired by the concept of Microsoft Secure Score, it provides a comprehensive snapshot across three core dimensions:
Alert Rules
Log Sources
Configurations
What is the Calibration Score?
The Calibration Score reflects both your current setup and the untapped potential in your Sentinel deployment. The total possible score is 200 points, and it’s based on your implementation of recommended best practices in detection engineering.
Score Breakdown
| Area | Weight in score | Max points |
|---|---|---|
| Alert Rules | 50% | 100 |
| Log Sources | 40% | 80 |
| Configurations | 10% | 20 |
| Total | 100% | 200 |
Each category is independently evaluated, and the individual scores are added together for the final result.
How Each Area is Scored
1. Alert Rules (Max 100 Points)
Alert rules are assessed based on their value rating (high, medium, low) and their current status (enabled/disabled).
+2 points for high-value rules that are enabled
+2 points for low-value rules that are disabled
–2 points for high-value rules that are disabled
–2 points for low-value rules that are enabled
+1 point for medium-value rules enabled and linked to a high-value log source
–1 point for using an outdated alert rule template
The maximum score is calculated as 2 × (number of high + low value rules). You can never exceed the maximum; if your calculated points go over, the area score is capped at full value (100).
2. Log Sources (Max 80 Points)
Log sources are evaluated based on their value and their relationship to alert rules.
+2 points for high-value log sources that are enabled
+2 points for low-value log sources that are disabled
–2 points for high-value log sources that are disabled
–2 points for low-value log sources that are enabled
+1 point if a log source has more than two alert rules attached
–4 points for log sources with no alert rules attached
As with alert rules, the maximum is 2 × (number of high + low value log sources). Additional or non-standard log sources do not provide bonus points.
3. Configurations (Max 20 Points)
Configuration settings are evaluated more simply:
+2 points for each recommended configuration that is enabled
No negative points are applied in this category
The maximum is 2 × the number of configuration recommendations. Like the other areas, your score here is capped at the maximum.
Example: Calculating the Overall Score
Suppose:
You’ve achieved 80% of the maximum alert rule score
75% of the maximum log source score
100% of the configuration recommendations
Then your overall Calibration Score would be:
Alert Rules: 80% × 100 = 80
Log Sources: 75% × 80 = 60
Configurations: 100% × 20 = 20
Total Score = 80 + 60 + 20 = 160 / 200
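The scoring rules above, applied end to end to a small constructed environment (an added example, not Seculyze's code). It assumes raw points are converted to area points as a share of the area's raw maximum, as the worked example implies, and that a negative raw total is floored at 0; all rule, source and configuration names are placeholders.

```python
# Added example: the scoring rules on this page applied to constructed data.
# Assumptions: raw points are scaled as a share of the area's raw maximum
# (as in the page's worked example) and a negative raw total is floored at 0.
AREA_MAX = {"alert_rules": 100, "log_sources": 80, "configurations": 20}

def value_points(value, enabled):
    """+2/-2 for high and low value items; medium items earn no base points."""
    if value == "medium":
        return 0
    return 2 if (value == "high") == enabled else -2

def scale(raw, raw_max, area):
    """Cap at the raw maximum, floor at 0 (assumption), scale to area points."""
    return max(0, min(raw, raw_max)) / raw_max * AREA_MAX[area] if raw_max else 0.0

def score_alert_rules(rules, sources):
    raw = 0
    for r in rules:
        raw += value_points(r["value"], r["enabled"])
        if r["value"] == "medium" and r["enabled"] and sources[r["source"]]["value"] == "high":
            raw += 1                      # medium rule on a high-value source
        raw -= 1 if r.get("outdated") else 0
    return scale(raw, 2 * sum(r["value"] != "medium" for r in rules), "alert_rules")

def score_log_sources(sources, rules):
    raw = 0
    for name, s in sources.items():
        attached = sum(r["source"] == name for r in rules)
        raw += value_points(s["value"], s["enabled"])
        raw += 1 if attached > 2 else (-4 if attached == 0 else 0)
    return scale(raw, 2 * sum(s["value"] != "medium" for s in sources.values()), "log_sources")

def score_configurations(configs):
    return scale(2 * sum(configs.values()), 2 * len(configs), "configurations")

def calibration_score(rules, sources, configs):
    return (score_alert_rules(rules, sources) + score_log_sources(sources, rules)
            + score_configurations(configs))

# Constructed sample environment (names are placeholders, not Seculyze data).
SOURCES = {"identity": {"value": "high", "enabled": True},
           "endpoint": {"value": "high", "enabled": True},
           "dns": {"value": "medium", "enabled": True}}      # no rules attached
RULES = [{"value": "high", "enabled": True, "source": "identity"},
         {"value": "high", "enabled": True, "source": "identity", "outdated": True},
         {"value": "high", "enabled": False, "source": "endpoint"},
         {"value": "low", "enabled": False, "source": "endpoint"},
         {"value": "medium", "enabled": True, "source": "identity"}]
CONFIGS = {"rec_a": True, "rec_b": True, "rec_c": True, "rec_d": False}

if __name__ == "__main__":
    print(calibration_score(RULES, SOURCES, CONFIGS))
```

In this sample the single log source with no alert rules attached costs 4 raw points against a raw maximum of 4, which is why the log source area lands at 20 of 80.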
Why It Matters
The Calibration Score helps:
Identify gaps in your Sentinel setup
Track progress over time
Justify investments in tuning detection logic
Demonstrate improvement to stakeholders
Map your maturity to peers
It’s a practical tool to align your detection engineering efforts with best practices and risk reduction goals.