Understand source scores
    • 30 Apr 2023

    A Source Score is calculated based on the attributes of sources that are visible in the Threat Ranking page or within enriched data.

    There are two types of Source Scores:

    • Automated
    • Custom (Manual)

    The Threat Ranking page displays the highest Source Score taken from both automated and manual scores.

    Example

    A source (feed or collection) is created with 60 as a custom score and 75 as an automated score. On the Threat Ranking and Enrichment pages, the source score is set to 75.

    Automated scores

    Automated source scores are calculated based on a variety of individual attributes, including:

    • Last Updated - A score value based on the last time the feed received any updates. The fewer hours since the last update, the higher the score.
    • Frequency - The interval between two updates of the feed or collection. A source that is updated hourly has the highest rating.
    • Accuracy - A value based on user feedback regarding false positives contained within a feed, calculated from the number of reported false positives within a two-week time frame.
    • False Positive - The number of false positives compared with the total number of IoCs contained within a source.
    • True Positive - A percentage value based on the number of true positives (Seen it) compared with the total number of IoCs in a particular source.
    • Geographic Spread (IPv4 sources) - A score based on how many different continents a source's IoCs are spread over. A higher number of continents equates to a higher score.

    Custom (manual) scores

    A custom source score can be added during the creation of the source (feed or collection), or at any time the user edits a source.

