Commit 49248ad

add description for opportunity and momentum score (#1013)
1 parent 5033bd7 commit 49248ad

1 file changed

Lines changed: 3 additions & 1 deletion

crowdsec-docs/unversioned/tracker_api/intro.mdx

@@ -31,7 +31,9 @@ For a CVE, get:
3131
- Relevant information about payload such as targeted URI
3232
- Description of exploitation patterns, from targeted to large-scale opportunistic attacks
3333
- **CrowdSec Scores**:
34-
- CrowdSec Live Exploit Tracker Score: The higher the score, the stronger is the momentum around the vulnerability. Vulnerabilities that have been exploited for a while or opportunsticly will get a lower score.
34+
- CrowdSec Score: A one-size-fits-all score that indicates how a SOC could prioritize a security alert for a given CVE. Generally CVEs where CrowdSec observes strong increases in targeted attacks have a higher score than vulnerabilities which are mainly used by automated mass-scanners in non-sophisticated global campaigns.
35+
- Opportunity Score: A score from 0 to 5 indicating how opportunistic the attackers for a given CVE operate. A score of 0 is given to CVEs where attackers essentially target IPs at random in an automated fashion while a score of 5 is given to CVEs which see precisely targeted exploitation making alerts much more indicative of a dangerous attack campaign targeting your organization.
36+
- Momentum Score: A score from 0 to 5 indicating the how current exploitation volume compares to historical averages for a given CVE. CVEs where we observe below average attack volume (decreasing trend) are given a low score, while CVEs where we see rapidly growing attack volume (increasing trend) are given a high score.
3537
- Exploitation Status: The current exploitation status of the vulnerability, from "early exploitation" to "background noise".
3638
- **Timeline information**:
3739
- First and Last exploitation observed
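
Review bot: On the added Opportunity Score line, the scale runs against the name: 0 is described as attackers targeting IPs at random (the most opportunistic case) and 5 as precisely targeted exploitation, so a high "Opportunity Score" means low opportunism. Say explicitly that a higher value means more targeted exploitation, or reword the description, so a reader does not triage from the wrong end of the scale. On the Momentum Score line, "indicating the how current exploitation volume compares" has a stray "the"; drop it. The CrowdSec Score line gives no range, unlike the two 0 to 5 scores next to it; add the range so the three entries can be read the same way.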
