# Threat Score Calculation - Examples

Some examples to explain how we would arrive at a Threat Score.

Example 1

A SAID has two CVEs; two come back as exploited.

Triggered Rules

The following rules are triggered:

 • CVE1 triggers
 • Historically Linked to Remote Access Trojan
 • Recent remote code execution POC verified
 • CVE2 triggers
 • Historically Linked to Exploit Kit

The Threat Score would be 51.

Calculating the Score

The criticality range is set by the most critical rule triggered, which is critical. This sets the score's maximum and minimum range as between 45 and 70.

 Item Value Base Score +45 Recent remote code execution POC verified +4 Linked to Recent Cyber Exploit +1 Historically Linked to Remote Access Trojan +1 Threat Score (Sum of above values) 51

Example 2

A SAID has seven CVEs; and all come back as exploited.

Triggered Rules

The following rule is triggered by all CVEs:

 • CVE1, CVE2, CVE3, CVE4, CVE5, CVE6 and CVE7 triggers

The Threat Score would be 23.

Calculating the Score

The criticality range is set by the most critical rule triggered, which is critical. This sets the score's maximum and minimum range as between 13 and 23.

 Item Value Base Score +13 Recently Linked to Malware +2 * 7 CVE = +14 Threat Score (Sum of above values) 27 Note:At this point, we have exceeded the maximum for a critical threat, which is 23, so the score is 23.

Example 3

A SAID has one CVE and it comes back as exploited.

Triggered Rules

The following rule is triggered:

 • CVE1 triggers
 • Historically exploited in the wild

The Threat Score would be 27.

Calculating the Score

The criticality range is set by the most critical rule triggered, which is high. This sets the score's maximum and minimum range as between 24 and 44.

 Item Value Base Score +24 Historically exploited in the wild +3 Threat Score (Sum of above values) 27

Example 4

A SAID has many CVEs, none come back as exploited.

The score would be 0 because there are no rules triggered.