Criteria for the Threat Score Calculation
Triggered rules increase the score by the values identified in the chart below based on the highest severity level triggered.

| Rule | Severity | Value |
| --- | --- | --- |
| Recently Linked to Remote Access Trojan | Medium | +2 |
| Historically Linked to Remote Access Trojan | Low | +1 |
| Recently Linked to Ransomware | Medium | +2 |
| Historically Linked to Ransomware | Low | +1 |
| Recently Linked to Penetration Testing Tools | Medium | +2 |
| Historically Linked to Penetration Testing Tools | Low | +1 |
| Recently Linked to Malware | Medium | +2 |
| Historically Linked to Malware | Low | +1 |
| Recently Linked to Exploit Kit | Medium | +2 |
| Historically Linked to Exploit Kit | Low | +1 |
| Linked to Recent Cyber Exploit | Low | +1 |
| Linked to Historical Cyber Exploit | Low | +1 |
| Recently exploited in the wild | Very Critical | +5 |
| Exploited in the wild in the past year | Critical | +4 |
| Historically exploited in the wild | High | +3 |
| Recent remote code execution POC verified | Critical | +4 |
| Recent POC verified | High | +3 |
| Historical remote code execution POC verified | Medium | +2 |
| Recent possible POC | Medium | +2 |
| Historical POC verified | Low | +1 |
| Tools to exploit the vulnerability developed recently | Medium | +2 |
| Tools to exploit the vulnerability developed historically | Low | +1 |
| Recently verified intelligence | High | +3 |
| Historically Verified intelligence | Low | +1 |

The rule with the highest criticality determines the point range and the starting value for the Threat Score. The ranges for each are as follows:

| Criticality | From | To |
| --- | --- | --- |
| Very Critical | 71 | 99 |
| Critical | 45 | 70 |
| High | 24 | 44 |
| Medium | 13 | 23 |
| Low | 1 | 12 |
| None | 0 | 0 |

Note: When assigning a Threat Score to the SAID, we do not simply add up the scores for each associated vulnerability, but rather follow the same rules outlined here to calculate the Security Advisory threat score.
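
One reading of the calculation described above, as an added Python example that is not the vendor's own code. It assumes the score starts at the "From" value of the highest triggered criticality, each triggered rule then adds its value, and the total is capped at that range's "To" value; `threat_score` is a hypothetical name.

```python
# Severity -> (rule value, range "From", range "To"), taken from the two tables.
SEVERITY = {
    "Very Critical": (5, 71, 99),
    "Critical": (4, 45, 70),
    "High": (3, 24, 44),
    "Medium": (2, 13, 23),
    "Low": (1, 1, 12),
}

# Rule name -> severity, copied from the rule table.
RULES = {
    "Linked to Recent Cyber Exploit": "Low",
    "Linked to Historical Cyber Exploit": "Low",
    "Recently exploited in the wild": "Very Critical",
    "Exploited in the wild in the past year": "Critical",
    "Historically exploited in the wild": "High",
    "Recent remote code execution POC verified": "Critical",
    "Recent POC verified": "High",
    "Historical remote code execution POC verified": "Medium",
    "Recent possible POC": "Medium",
    "Historical POC verified": "Low",
    "Tools to exploit the vulnerability developed recently": "Medium",
    "Tools to exploit the vulnerability developed historically": "Low",
    "Recently verified intelligence": "High",
    "Historically Verified intelligence": "Low",
}
for family in ("Remote Access Trojan", "Ransomware", "Penetration Testing Tools",
               "Malware", "Exploit Kit"):
    RULES[f"Recently Linked to {family}"] = "Medium"
    RULES[f"Historically Linked to {family}"] = "Low"


def threat_score(triggered):
    """Return (criticality, score) for the triggered rule names (hypothetical helper)."""
    severities = [RULES[name] for name in set(triggered)]  # KeyError on unknown rule
    if not severities:
        return "None", 0
    top = max(severities, key=lambda s: SEVERITY[s][0])
    _, start, end = SEVERITY[top]
    # Assumption: start at the range's "From" value, add each triggered rule's
    # value, and never leave the range of the highest criticality.
    total = start + sum(SEVERITY[s][0] for s in severities)
    return top, min(total, end)
```

Under these assumptions a single low-severity rule can never lift a score into a higher band; only a rule of higher criticality moves the range.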