The Key Threats feature in Seculyze is designed to help you focus on what matters most. It highlights the most critical, unhandled threats in your Microsoft Sentinel environment, using a dynamic, context-aware approach, not static scoring.
Where It’s Used
The Top Threats list is visible in two key places:
Dashboard – provides a quick overview of current high-priority threats
Top bar of the Incidents view – continuously shows the most critical open threats as you work with incidents
This ensures that high-risk activity is always in front of your team — even when navigating other parts of the platform.
How It Works
Top Threats are ranked by customer-specific priority and presented in descending order, grouped into the following categories:
1. True Positive Detected
These are alerts that closely match past attack patterns observed in your environment.
Identified using Seculyze’s custom machine learning algorithm
Unique to your organization
Reflects historically validated threat behaviors
2. High-Risk Alerts
3. Medium-Risk Alerts
4. Low-Risk Alerts
All three risk levels are based on threat intelligence scoring that combines open-source and closed (commercial) feeds. The distinction between high, medium, and low risk is based on factors such as:
Known threat actor activity
Presence in several feeds
Prevalence and recency of the threat in the wild
Read more about how we do Risk Assessment of your Alerts
All alerts in the Key Threats list, regardless of level, have been evaluated through threat intelligence and warrant attention. The ranking helps you prioritize response order; it does not downplay the importance of lower-ranked alerts.
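The ranking logic described above, written out as an added illustration (this is not Seculyze's code). It assumes an alert record carries the output of a "matches past attack patterns" model plus three threat-intelligence factors the page names (known actor attribution, number of feeds, prevalence/recency); the point values and the thresholds separating high, medium and low are assumptions chosen for the example, as is the rule that closed alerts are dropped before ranking.

```python
"""Illustrative Key Threats ranking: four categories in descending priority.

Added example, not Seculyze code. The category order comes from the page;
the fields on Alert, the point values and every threshold are assumptions.
"""
from dataclasses import dataclass


@dataclass
class Alert:
    alert_id: str
    title: str
    status: str                 # "open" or "closed"; only open alerts are ranked
    ml_true_positive: bool      # assumed: model says this matches a past attack pattern
    known_actor: bool           # indicator attributed to a known threat actor
    feed_count: int             # how many TI feeds (open-source + commercial) list it
    prevalence: float           # assumed 0..1 score: how widespread in the wild
    days_since_last_seen: int   # recency of the indicator in the wild


# Category ranks in descending priority (1 is shown first).
TRUE_POSITIVE, HIGH, MEDIUM, LOW = 1, 2, 3, 4
CATEGORY_NAMES = {
    TRUE_POSITIVE: "True Positive Detected",
    HIGH: "High-Risk Alert",
    MEDIUM: "Medium-Risk Alert",
    LOW: "Low-Risk Alert",
}


def ti_risk_points(a: Alert) -> int:
    """Assumed threat-intelligence score built from the three factors on the page."""
    points = 0
    if a.known_actor:                       # known threat actor activity
        points += 3
    if a.feed_count >= 3:                   # presence in several feeds
        points += 2
    elif a.feed_count == 2:
        points += 1
    if a.prevalence >= 0.5 and a.days_since_last_seen <= 30:   # prevalent and recent
        points += 2
    elif a.days_since_last_seen <= 90:      # recent but not widespread
        points += 1
    return points


def categorize(a: Alert) -> int:
    """True positives always outrank TI tiers; TI points split high/medium/low."""
    if a.ml_true_positive:
        return TRUE_POSITIVE
    p = ti_risk_points(a)
    if p >= 5:
        return HIGH
    if p >= 3:
        return MEDIUM
    return LOW


def key_threats(alerts, limit=5):
    """Return (alert_id, category) for the top open alerts in descending priority.

    Ties inside a category are broken by TI points, then alert id, so the
    ordering is deterministic across refreshes of the dashboard.
    """
    open_alerts = [a for a in alerts if a.status == "open"]
    ranked = sorted(
        open_alerts,
        key=lambda a: (categorize(a), -ti_risk_points(a), a.alert_id),
    )
    return [(a.alert_id, CATEGORY_NAMES[categorize(a)]) for a in ranked[:limit]]


# Constructed sample data (not real incidents).
SAMPLE_ALERTS = [
    Alert("A1", "Suspicious sign-in from unusual location", "open", True, False, 1, 0.1, 120),
    Alert("A2", "C2 beacon to flagged domain", "open", False, True, 4, 0.8, 5),
    Alert("A3", "Connection to low-reputation IP", "open", False, False, 2, 0.2, 60),
    Alert("A4", "Download from known malware host", "open", False, False, 3, 0.6, 10),
    Alert("A5", "Already-handled credential theft", "closed", True, True, 5, 0.9, 1),
    Alert("A6", "Indicator tied to tracked actor, stale", "open", False, True, 1, 0.1, 200),
]

if __name__ == "__main__":
    for alert_id, category in key_threats(SAMPLE_ALERTS):
        print(f"{alert_id}: {category}")
```

Running the block lists A1 first (true positive), then A2 (high), the two medium alerts A4 and A6, and A3 (low); A5 is omitted because it is already closed, which matches the page's focus on unhandled threats.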
Why It Matters
Seculyze’s Key Threats view enables your team to:
Respond more quickly to validated threats that are dynamically prioritized
Focus attention where impact is likely greatest
Reduce alert fatigue while maintaining coverage
Demonstrate real-time risk to management with confidence