crowdsec-docs/unversioned/tracker_api/intro.mdx (3 additions & 1 deletion)
@@ -31,7 +31,9 @@ For a CVE, get:
31
31
- Relevant information about payload such as targeted URI
32
32
- Description of exploitation patterns, from targeted to large-scale opportunistic attacks
33
33
-**CrowdSec Scores**:
34
-
- CrowdSec Live Exploit Tracker Score: The higher the score, the stronger is the momentum around the vulnerability. Vulnerabilities that have been exploited for a while or opportunsticly will get a lower score.
34
+
- CrowdSec Score: A one-size-fits-all score that indicates how a SOC could prioritize a security alert for a given CVE. Generally CVEs where CrowdSec observes strong increases in targeted attacks have a higher score than vulnerabilities which are mainly used by automated mass-scanners in non-sophisticated global campaigns.
35
+
- Opportunity Score: A score from 0 to 5 indicating how opportunistic the attackers for a given CVE operate. A score of 0 is given to CVEs where attackers essentially target IPs at random in an automated fashion while a score of 5 is given to CVEs which see precisely targeted exploitation making alerts much more indicative of a dangerous attack campaign targeting your organization.
36
+
- Momentum Score: A score from 0 to 5 indicating the how current exploitation volume compares to historical averages for a given CVE. CVEs where we observe below average attack volume (decreasing trend) are given a low score, while CVEs where we see rapidly growing attack volume (increasing trend) are given a high score.
35
37
- Exploitation Status: The current exploitation status of the vulnerability, from "early exploitation" to "background noise".
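Review bot: In the added Opportunity Score line, the scale runs against the name: 0 is given where "attackers essentially target IPs at random" (the most opportunistic case) and 5 where there is "precisely targeted exploitation", so a higher Opportunity Score means less opportunistic activity. Consider stating that direction explicitly in the first sentence of the bullet, or renaming the score, so a reader skimming the list does not read 5 as "most opportunistic". In the added Momentum Score line, "indicating the how current exploitation volume compares" has a stray "the". The CrowdSec Score line gives no range while the other two added scores state "from 0 to 5"; adding its range would keep the three entries consistent.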