Criteria for the Threat Score Calculation
Triggered rules increase the score by the values identified in the chart below based on the highest severity level triggered.
| Rule | Severity | Value |
| --- | --- | --- |
| Recently Linked to Remote Access Trojan | Very Critical | +5 |
| Historically Linked to Remote Access Trojan | Critical | +4 |
| Recently Linked to Ransomware | Very Critical | +5 |
| Historically Linked to Ransomware | Critical | +4 |
| Recently Linked to Penetration Testing Tools | Medium | +2 |
| Historically Linked to Penetration Testing Tools | Low | +1 |
| Recently Linked to Malware | High | +3 |
| Historically Linked to Malware | Medium | +2 |
| Recently Linked to Exploit Kit | Very Critical | +5 |
| Historically Linked to Exploit Kit | Critical | +4 |
| Linked to Recent Cyber Exploit | Low | +1 |
| Linked to Historical Cyber Exploit | Low | +1 |
The rule with the highest criticality determines the point range and the starting value for the Threat Score. The ranges for each are as follows:
| Criticality | From | To |
| --- | --- | --- |
| Very Critical | 71 | 99 |
| Critical | 45 | 70 |
| High | 24 | 44 |
| Medium | 13 | 23 |
| Low | 1 | 12 |
| None | 0 | 0 |
Note: When assigning a Threat Score to the SAID, we do not simply add up the scores for each associated vulnerability, but rather follow the same rules outlined here to calculate the Security Advisory threat score.
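The following is an added example, not the vendor's code, showing one way to read the two tables together and why summing per-vulnerability scores would misplace an advisory. It assumes the score starts at the band's "From" value, adds the value of every triggered rule, and is capped at the band's "To" value; it also assumes an advisory's rule set is the union of its vulnerabilities' triggered rules. The function names and the `VULN-A`/`VULN-B` identifiers are constructed for illustration.

```python
# Added illustration, not vendor code. Tables transcribed from the page.
RULES = {  # rule name -> (severity, value)
    "Recently Linked to Remote Access Trojan": ("Very Critical", 5),
    "Historically Linked to Remote Access Trojan": ("Critical", 4),
    "Recently Linked to Ransomware": ("Very Critical", 5),
    "Historically Linked to Ransomware": ("Critical", 4),
    "Recently Linked to Penetration Testing Tools": ("Medium", 2),
    "Historically Linked to Penetration Testing Tools": ("Low", 1),
    "Recently Linked to Malware": ("High", 3),
    "Historically Linked to Malware": ("Medium", 2),
    "Recently Linked to Exploit Kit": ("Very Critical", 5),
    "Historically Linked to Exploit Kit": ("Critical", 4),
    "Linked to Recent Cyber Exploit": ("Low", 1),
    "Linked to Historical Cyber Exploit": ("Low", 1),
}
BANDS = {  # criticality -> (from, to)
    "Very Critical": (71, 99), "Critical": (45, 70), "High": (24, 44),
    "Medium": (13, 23), "Low": (1, 12), "None": (0, 0),
}
ORDER = ["None", "Low", "Medium", "High", "Critical", "Very Critical"]

def threat_score(triggered):
    """Return the Threat Score for an iterable of triggered rule names."""
    triggered = set(triggered)
    unknown = triggered.difference(RULES)
    if unknown:
        raise ValueError(f"unknown rule(s): {sorted(unknown)}")
    if not triggered:
        return BANDS["None"][0]
    # The most severe triggered rule selects the band.
    top = max((RULES[r][0] for r in triggered), key=ORDER.index)
    start, ceiling = BANDS[top]
    # ASSUMPTION: start at the band's "From", add every triggered rule's
    # value, and never leave the band (clamp at "To").
    return min(start + sum(RULES[r][1] for r in triggered), ceiling)

def advisory_score(vulns):
    # ASSUMPTION: an advisory's rule set is the union of the rules triggered
    # by its vulnerabilities ({vuln_id: rules}); scores are never summed.
    return threat_score(set().union(*vulns.values()))

if __name__ == "__main__":
    sample = {"VULN-A": ["Recently Linked to Malware"],  # constructed input
              "VULN-B": ["Recently Linked to Malware",
                         "Historically Linked to Penetration Testing Tools"]}
    print(advisory_score(sample))
```

With the constructed sample, the two vulnerabilities score 27 and 28 individually; adding them would give 55, which falls in the Critical band even though no Critical rule was triggered, while recomputing over the merged rules keeps the advisory in the High band.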