CTI Scores
The scores are indicators of malevolence associated with an IP address, computed over several periods of time : 1 day, 1 week, 1 month and overall.
For a given period, the indicator of malevolence is summarized under the total key with a value ranging from 0 (no reports) to 5 (high malevolence).
This value is a summary based on 4 components (see below) also ranging from 0 (Not Applicable/ Missing) to 5 (High), comparing to all the the signals reported by the community.
| indicator | explaination |
|---|---|
| Aggressiveness | What is the intensity of the attack? This component measures the number of attacks reported over a period of time. |
| Threat Level | How serious is the type of threats reported? The category of attacks reported by the community defines the danger induced by the attacks. An IP known for crawling and scanning will have a lower threat level than an IP reported for brute-force and exploits. This score ranges from 1 (mainly crawling) to 5 (exploit). 0 is the default for unknown scenarios |
| Trust | What is the level of confidence in the actors which reported the IP address? This component is based on the reputation (age, number of reports) and the diversity (number of IP ranges, AS Numbers) of all the actors reporting the IP. It ranges from 0 (low_confidence) to 5 (high confidence). |
| Anomaly | What are the red flags associated with this IP address? It analyses the static description of the reported IP address and checks for red flags which can be linked to evidence of malicious activities |
| Total | Aggregation of 4 component calculated on threats reported by the community and described below. |
The ip_range_score is the score of malevolence associated with an IP range, ranging from 0 (No IP reported) to 5 (massively reported). It is calculated based on the number of IPs belonging to this range that were reported by the community as malicious
