I have the following field in my logs
This field has integer values from 0-7. I have created a threat rule as follows:
severity == 6
and given it a score of 50.
However, when the logs get enriched and indexed, the rule does not assign a score to the record. It does get identified as an alert because the is_alert field is true.