You are viewing docs on Elastic's new documentation system, currently in technical preview. For all other Elastic docs, visit

Entity risk scoring prerequisites

Requirements for using entity risk scoring.

To use entity risk scoring, you need the appropriate user role. Entity risk scoring requires the Security Analytics Complete project feature.

This page covers the requirements for using the entity risk scoring feature, as well as its known limitations.

User roles

To turn on the risk scoring engine, you need one of the following Security user roles:

  • Platform engineer
  • Detections admin
  • Admin

Known limitations

The risk scoring engine uses an internal user role to score all hosts and users, and doesn't respect privileges applied to custom users or roles. After you turn on the risk scoring engine, all alerts in the project will contribute to host and user risk scores.

On this page