Criteria for the Threat Score Calculation

Triggered rules increase the score by the values identified in the chart below based on the highest severity level triggered.

Rules, Severity and Value

| Rule | Severity | Value |
|---|---|---|
| Recently Linked to Remote Access Trojan | Medium | +2 |
| Historically Linked to Remote Access Trojan | Low | +1 |
| Recently Linked to Ransomware | Medium | +2 |
| Historically Linked to Ransomware | Low | +1 |
| Recently Linked to Penetration Testing Tools | Medium | +2 |
| Historically Linked to Penetration Testing Tools | Low | +1 |
| Recently Linked to Malware | Medium | +2 |
| Historically Linked to Malware | Low | +1 |
| Recently Linked to Exploit Kit | Medium | +2 |
| Historically Linked to Exploit Kit | Low | +1 |
| Linked to Recent Cyber Exploit | Low | +1 |
| Linked to Historical Cyber Exploit | Low | +1 |
| Recently exploited in the wild | Very Critical | +5 |
| Exploited in the wild in the past year | Critical | +4 |
| Historically exploited in the wild | High | +3 |
| Recent remote code execution POC verified | Critical | +4 |
| Recent POC verified | High | +3 |
| Historical remote code execution POC verified | Medium | +2 |
| Recent possible POC | Medium | +2 |
| Historical POC verified | Low | +1 |
| Tools to exploit the vulnerability developed recently | Medium | +2 |
| Tools to exploit the vulnerability developed historically | Low | +1 |
| Recently verified intelligence | High | +3 |
| Historically Verified intelligence | Low | +1 |

The rule with the highest criticality determines the point range and the starting value for the Threat Score. The ranges for each are as follows:

Criticality - Ranges

| Criticality | From | To |
|---|---|---|
| Very Critical | 71 | 99 |
| Critical | 45 | 70 |
| High | 24 | 44 |
| Medium | 13 | 23 |
| Low | 1 | 12 |
| None | 0 | 0 |

Note: When assigning a Threat Score to the SAID, we do not simply add up the scores for each associated vulnerability; instead, we follow the same rules outlined here to calculate the Security Advisory threat score.
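The following is an added example, not the vendor's own code, showing one way to read the two tables together. It assumes that a single top-severity rule yields the range's From value, that every other triggered rule adds its Value, that the result is capped at To, and that an advisory is scored on the union of the rules triggered by its vulnerabilities; the function names and sample data are hypothetical.

```python
# Severity -> (value per triggered rule, range From, range To), from the page's two tables.
SEVERITY = {
    "Very Critical": (5, 71, 99),
    "Critical": (4, 45, 70),
    "High": (3, 24, 44),
    "Medium": (2, 13, 23),
    "Low": (1, 1, 12),
}
ORDER = list(SEVERITY)  # highest criticality first

# Subset of the page's rules table: rule name -> severity.
RULE_SEVERITY = {
    "Recently exploited in the wild": "Very Critical",
    "Exploited in the wild in the past year": "Critical",
    "Recent POC verified": "High",
    "Recently verified intelligence": "High",
    "Recently Linked to Ransomware": "Medium",
    "Recently Linked to Malware": "Medium",
    "Historically Linked to Malware": "Low",
    "Linked to Historical Cyber Exploit": "Low",
}

def threat_score(triggered):
    """Return (criticality, score) for an iterable of triggered rule names."""
    rules = set(triggered)
    unknown = rules.difference(RULE_SEVERITY)
    if unknown:
        raise ValueError(f"unknown rules: {sorted(unknown)}")
    if not rules:
        return ("None", 0)
    severities = sorted((RULE_SEVERITY[r] for r in rules), key=ORDER.index)
    top = severities[0]
    _, low, high = SEVERITY[top]
    # ASSUMPTION: one top-severity rule sets the starting value (From); each
    # remaining triggered rule adds its value; the result is capped at To.
    bonus = sum(SEVERITY[s][0] for s in severities[1:])
    return (top, min(low + bonus, high))

def advisory_score(vuln_rules):
    """ASSUMPTION: score an advisory on the union of its vulnerabilities' rules."""
    return threat_score(set().union(*vuln_rules.values()))

# Constructed sample advisory with two hypothetical vulnerabilities.
SAMPLE = {
    "vuln-1": ["Recent POC verified", "Recently Linked to Malware"],
    "vuln-2": ["Recent POC verified", "Historically Linked to Malware"],
}

print("advisory:", advisory_score(SAMPLE))
```

Under these assumptions the two vulnerabilities and the advisory all stay in the High range, whereas summing the per-vulnerability scores would push the advisory into the Critical range even though no Critical rule was triggered.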