From 7af698bbfacf240c038b1765812a57d8a205e24f Mon Sep 17 00:00:00 2001 From: Ryland Herrick Date: Tue, 19 Dec 2023 16:41:09 -0600 Subject: [PATCH] Swap Risk Categories 2 and 4 We decided to number our risk categories based on the order in which they are introduced in kibana. Since Asset Criticality is being released next, and AC corresponds to the Entity Contexts category, it's now Category 2. --- rfcs/text/0042-risk-score-extensions.md | 4 ++-- rfcs/text/0042/risk.yml | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/rfcs/text/0042-risk-score-extensions.md b/rfcs/text/0042-risk-score-extensions.md index 209c7e692..3fdcee533 100644 --- a/rfcs/text/0042-risk-score-extensions.md +++ b/rfcs/text/0042-risk-score-extensions.md @@ -101,8 +101,8 @@ The following is an example risk score generated from Detection Engine Alerts, c "calculated_score": 150, "category_1_score": 80, "category_1_count": 4354, - "category_5_score": 10, - "category_5_count": 1, + "category_2_score": 10, + "category_2_count": 1, "criticality_level": "very_important", "criticality_modifier": 2.0, "notes": [], diff --git a/rfcs/text/0042/risk.yml b/rfcs/text/0042/risk.yml index 107feda2b..3ea3319fd 100644 --- a/rfcs/text/0042/risk.yml +++ b/rfcs/text/0042/risk.yml 
@@ -47,19 +47,19 @@ - name: category_2_score level: extended type: float - example: 35.0 + example: 55.0 description: > The contribution of Category 2 to the overall normalized risk score (`calculated_score_norm`). - Risk Categories logically group risk inputs from various domain use cases. Category 2 includes inputs from Posture Management. + Risk Categories logically group risk inputs from various domain use cases. Category 2 includes Entity Contexts. - name: category_2_count level: extended type: long - example: 1921 + example: 1308 description: > The number of risk input documents that contributed to the Category 2 score. - Risk Categories logically group risk inputs from various domain use cases. Category 2 includes inputs from Posture Management. + Risk Categories logically group risk inputs from various domain use cases. Category 2 includes Entity Contexts. - name: category_3_score level: extended type: float @@ -79,19 +79,19 @@ - name: category_4_score level: extended type: float - example: 55.0 + example: 35.0 description: > The contribution of Category 4 to the overall normalized risk score (`calculated_score_norm`). - Risk Categories logically group risk inputs from various domain use cases. Category 4 includes Entity Contexts. + Risk Categories logically group risk inputs from various domain use cases. Category 4 includes inputs from Posture Management. - name: category_4_count level: extended type: long - example: 1308 + example: 1921 description: > The number of risk input documents that contributed to the Category 4 score. - Risk Categories logically group risk inputs from various domain use cases. Category 4 includes Entity Contexts. + Risk Categories logically group risk inputs from various domain use cases. Category 4 includes inputs from Posture Management. - name: category_5_score level: extended type: float
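Review bot: In the `0042-risk-score-extensions.md` hunk (@@ -101,8 +101,8 @@), the example moves the keys from `category_5_score` / `category_5_count` to `category_2_score` / `category_2_count`, but the commit subject and body only describe a swap of Categories 2 and 4. Please say in the commit message that the JSON example previously carried this contribution under Category 5, and check that the RFC text around the example no longer refers to Category 5 for it. Since the example also carries `criticality_level` and `criticality_modifier`, a short sentence in the RFC stating that `category_2_*` is the Entity Contexts (Asset Criticality) contribution would make the example self-explanatory.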
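Review bot: In the `risk.yml` hunk at @@ -47,19 +47,19 @@, the new descriptions for `category_2_score` and `category_2_count` read "Category 2 includes Entity Contexts.", while the Category 4 text reads "includes inputs from Posture Management". Suggest matching the phrasing ("Category 2 includes inputs from Entity Contexts") and, since the commit message ties this category to Asset Criticality, naming Asset Criticality in the description so readers of the field reference do not need the RFC to interpret it. The `example` values were also swapped (55.0 / 1308 now on Category 2); they are illustrative, so leaving them in place would keep the diff limited to the description change.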
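Review bot: In the `risk.yml` hunk at @@ -79,19 +79,19 @@, `category_4_score` and `category_4_count` keep their names while their documented meaning changes from Entity Contexts to Posture Management, so anything that reads these fields by name would silently pick up different semantics. Please state in the RFC (or in these descriptions) that category numbers follow the order in which categories are introduced in Kibana, as the commit message explains, and confirm that no documents or consumers already rely on the previous Category 2 / Category 4 assignment. If any do, the renumbering needs a migration note rather than a description edit alone.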