
Criteria for the Threat Score Calculation

Triggered rules increase the score by the values identified in the chart below based on the highest severity level triggered.

| Rule | Severity | Value |
| --- | --- | --- |
| Recently Linked to Remote Access Trojan | Medium | +2 |
| Historically Linked to Remote Access Trojan | Low | +1 |
| Recently Linked to Ransomware | Medium | +2 |
| Historically Linked to Ransomware | Low | +1 |
| Recently Linked to Penetration Testing Tools | Medium | +2 |
| Historically Linked to Penetration Testing Tools | Low | +1 |
| Recently Linked to Malware | Medium | +2 |
| Historically Linked to Malware | Low | +1 |
| Recently Linked to Exploit Kit | Medium | +2 |
| Historically Linked to Exploit Kit | Low | +1 |
| Linked to Recent Cyber Exploit | Low | +1 |
| Linked to Historical Cyber Exploit | Low | +1 |
| Recently exploited in the wild | Very Critical | +5 |
| Exploited in the wild in the past year | Critical | +4 |
| Historically exploited in the wild | High | +3 |
| Recent remote code execution POC verified | Critical | +4 |
| Recent POC verified | High | +3 |
| Historical remote code execution POC verified | Medium | +2 |
| Recent possible POC | Medium | +2 |
| Historical POC verified | Low | +1 |
| Tools to exploit the vulnerability developed recently | Medium | +2 |
| Tools to exploit the vulnerability developed historically | Low | +1 |
| Recently verified intelligence | High | +3 |
| Historically Verified intelligence | Low | +1 |

The rule with the highest criticality determines the point range and the starting value for the Threat Score. The ranges for each are as follows:

| Criticality | From | To |
| --- | --- | --- |
| Very Critical | 71 | 99 |
| Critical | 45 | 70 |
| High | 24 | 44 |
| Medium | 13 | 23 |
| Low | 1 | 12 |
| None | 0 | 0 |
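
A worked computation using the rule values and criticality ranges above, added here as an example and not the vendor's own code. It assumes the score starts at the lower bound of the range selected by the highest-criticality triggered rule, that each distinct triggered rule adds its value, and that the result is capped at the range's upper bound; the page does not spell out these details, and `threat_score` is a hypothetical helper name.

```python
# Added example. Rule names, values and ranges are copied from the tables above.
# Assumptions (not stated on the page): the score starts at the lower bound of the
# range, each distinct triggered rule adds its value, and the sum is capped at the
# upper bound. threat_score() is a hypothetical helper name.
ORDER = ["None", "Low", "Medium", "High", "Critical", "Very Critical"]
VALUE = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4, "Very Critical": 5}
RANGES = {"None": (0, 0), "Low": (1, 12), "Medium": (13, 23),
          "High": (24, 44), "Critical": (45, 70), "Very Critical": (71, 99)}

LINKED = ["Remote Access Trojan", "Ransomware", "Penetration Testing Tools",
          "Malware", "Exploit Kit"]
RULES = {f"Recently Linked to {x}": "Medium" for x in LINKED}
RULES.update({f"Historically Linked to {x}": "Low" for x in LINKED})
RULES.update({
    "Linked to Recent Cyber Exploit": "Low",
    "Linked to Historical Cyber Exploit": "Low",
    "Recently exploited in the wild": "Very Critical",
    "Exploited in the wild in the past year": "Critical",
    "Historically exploited in the wild": "High",
    "Recent remote code execution POC verified": "Critical",
    "Recent POC verified": "High",
    "Historical remote code execution POC verified": "Medium",
    "Recent possible POC": "Medium",
    "Historical POC verified": "Low",
    "Tools to exploit the vulnerability developed recently": "Medium",
    "Tools to exploit the vulnerability developed historically": "Low",
    "Recently verified intelligence": "High",
    "Historically Verified intelligence": "Low",
})


def threat_score(triggered):
    """Return (criticality, score) for an iterable of triggered rule names."""
    names = set(triggered)                     # a rule counts once
    unknown = names - RULES.keys()
    if unknown:
        raise ValueError(f"unknown rule(s): {sorted(unknown)}")
    if not names:
        return "None", 0
    severities = [RULES[n] for n in names]
    top = max(severities, key=ORDER.index)     # highest criticality picks the range
    low, high = RANGES[top]
    return top, min(low + sum(VALUE[s] for s in severities), high)


if __name__ == "__main__":
    print(threat_score(["Recently exploited in the wild", "Recent POC verified",
                        "Recently Linked to Ransomware"]))
```
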
Note: When assigning a Threat Score to the SAID, we do not simply add up the scores of the associated vulnerabilities; we follow the same rules outlined here to calculate the Security Advisory threat score.