A Source Score is calculated based on the attributes of sources that are visible in the Threat Ranking page or within enriched data.
There are two types of Source Scores:
AutomatedCustom (Manual)
On the Threat Ranking page displays the highest Source Score taken from both automated and manual scores.
Example
A source (feed or collection) is created with 60 as a custom score and 75 as an automated score. On the Threat Ranking and Enrichment pages, the source score is set to 75.
Automated scores
Automated source scores are calculated based on a variety of individual attributes, including:
Last Updated- A score value based on the last time the feed received any updates. The fewer hours that are involved, the higher the score.Frequency- The interval between two updates of the feed or collection. A source that is updated hourly has a highest rating.Accuracy- A value based on user feedback regarding false positives contained within a feed, calculated by number of reported false positives within a two week time frame.False Positive- The number of false positives compared with total number of IoCs contained within a source.True Positive- A percentage value based on the number of true positives (Seen it) compared with total number of iocs in a particular source.Geographic Spread(IPv4 sources) - A score based on how many different continents a source's IoCs are spread over. A higher number of continents equates to a higher score.
Custom (manual) scores
A Custom source score can be added during the creation of the source (feed or collection), or any time the user edits a source.