AlyaGomaa
commented
1 week ago that score meant the confidence not the threat level. made it more clear here #1045
Closed AlyaGomaa closed 1 week ago
AlyaGomaa
commented
1 week ago that score meant the confidence not the threat level. made it more clear here #1045
sometimes it's converted to "high" from CTU-Malware-Capture-Botnet-219-2/Day1
{"Version": "2.0.3", "Analyzer": {"IP": "0.0.0.0", "Name": "Slips", "Model": "1.1.2", "Category": ["NIDS"], "Data": ["Flow", "Network"], "Method": ["Heuristic"]}, "Status": "Event", "ID": "29eb469f-49da-47ef-a2d4-256b821be75c", "Severity": "High", "StartTime": "1970-01-01T00:35:52.996177+00:00", "CreateTime": "2024-10-08T17:21:37.801464+00:00", "Confidence": 0.5, "Description": "Malicious downloaded file 9377838b0621b6eb6018b244586af2f9. size: 166 from IP: 192.168.1.113. Detected by: VirusShare, circl.lu. Score: 0.5. threat level: high.", "Source": [{"IP": "73.217.118.205", "Note": "{\"AS\": {\"org\": \"COMCAST-7922, US\", \"number\": \"AS7922\"}, \"rDNS\": \"c-73-217-118-205.hsd1.co.comcast.net\"}", "TI": ["PBL ISP Maintained, spamhaus"]}], "RelID": ["ec7dd838-6836-49f2-86d7-00078b88a5e8"], "Note": "{\"uids\": [\"C8Lb8sI1CNBPmxu8b\"], \"accumulated_threat_level\": 0.4, \"threat_level\": \"high\", \"timewindow\": 1}"}