Scoring
Details about scores in Silent Push API
A brief overview of different scores available in API responses
Domain related scores
age_score
based on the age of the domain as seen in DNS zone files
a more recently created domain scores higher
is_new_score
the is_new_score is 100 if the domain has been created within the last 24 hours
newly created domains represent a higher risk when observed in network traffic
dga_probability_score
indicates the likelihood that the domain name is the result of a Domain Generation Algorithm (DGA)
url_shortener_score
100 if the domain is a known URL shortener service
scored alternative to the is_url_shortener flag
listing_score
shows if the domain has previously been seen on any of a selection of highly trusted threat intelligence feeds
the score is graded based on recency and frequency of prior listings
ns_reputation_score
reputation score for the name servers currently associated with this domain
name server reputation is based on the number of domains hosted on the name server versus the number of those domains listed in threat intelligence feeds
ns_entropy_score
an indication of frequency and recency of historic changes of name servers for this domain
more frequent and/or recent name server changes may add to the level of suspicion about the domain
sp_risk_score
the Silent Push Risk Score provides an at-a-glance assessment of the risk associated with this domain
the sp_risk_score is equal to the highest of the following scores: ns_entropy_score, ns_reputation_score, is_new_score, age_score, listing_score
it is reduced to 0 if any of these flags is true: is_expired, is_parked, is_sinkholed
IPv4 related scores
asn_rank_score
a weighted measure of the type of feed where IPv4 addresses in this ASN have been listed
listings on malware feeds are counted with a higher weight than listings on phishing feeds, for example
all ASNs with listings are ranked against each other
asn_reputation_score
a measure of IPv4 addresses in this ASN that have been listed on certain feeds
the score reflects volume rather than severity
the reputation score is calculated as a logarithmic ratio of listed vs active IPv4 addresses in the ASN, where an active IPv4 address is any IP with a current A record in Silent Push Passive DNS
asn_takedown_reputation_score
a measure of how long it takes for malicious URLs to be taken down by the ISP abuse desk
we only count URLs that have a minimum age of X days and the aggregation is the number of items/URLs listed
the total count of items listed is then compared to the total number of IPs in the ASN using a specific formula
all ASNs with listings are ranked against each other
ip_is_dsl_dynamic_score
100 if the IPv4 address is part of dynamically allocated/residential IP space
scored alternative to the ip_is_dsl_dynamic flag
listing_score
shows if the IPv4 address has previously been seen on any of a selection of highly trusted threat intelligence feeds
the score is graded based on recency and frequency of prior listings
subnet_reputation_score
a measure of IPv4 addresses in this subnet that have been listed on certain feeds
the score reflects volume rather than severity
the reputation score is calculated as a logarithmic ratio of listed vs active IPv4 addresses in the subnet, where an active IPv4 address is any IP with a current A record in Silent Push Passive DNS
ip_reputation_score
a measure of the number of DNS A record names that resolve to this IPv4 address and have been listed on certain feeds
the score reflects volume rather than severity
the reputation score is calculated as a logarithmic ratio of listed names (A records) vs all active A records resolving to this IPv4 address, where an active A record is any current A record in Silent Push Passive DNS
sp_risk_score
the Silent Push Risk Score provides an at-a-glance assessment of the risk associated with this IPv4 address
the sp_risk_score is equal to the highest of the following scores: ip_reputation, subnet_reputation, asn_reputation, asn_takedown_reputation, asn_rank, listing_score
it is reduced to 0 if any of these flags is true: known_benign, known_sinkhole_ip
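
The sp_risk_score rule described for domains and for IPv4 addresses, as an added example that is not part of the Silent Push documentation or any Silent Push client: it recomputes the score from a record and reports which component drove it and which flags zeroed it. The flat dict layout, the function name explain_risk, and the use of the _score-suffixed field names for the IPv4 components are assumptions; the sample records are constructed.

```python
# Added example: reproduces the sp_risk_score rule described on this page.
# The flat dict layout of a record is an assumption, not the documented API shape.

DOMAIN_RULE = {
    "scores": ["ns_entropy_score", "ns_reputation_score", "is_new_score",
               "age_score", "listing_score"],
    "zero_flags": ["is_expired", "is_parked", "is_sinkholed"],
}
IPV4_RULE = {  # assumption: components use the _score-suffixed names defined above
    "scores": ["ip_reputation_score", "subnet_reputation_score",
               "asn_reputation_score", "asn_takedown_reputation_score",
               "asn_rank_score", "listing_score"],
    "zero_flags": ["known_benign", "known_sinkhole_ip"],
}


def explain_risk(record, rule):
    """Return (score, driver, suppressed_by) for one record.

    driver is the component score with the highest value; suppressed_by lists
    the flags that force the score to 0. Missing or null components are skipped.
    """
    present = {k: record[k] for k in rule["scores"] if record.get(k) is not None}
    driver = max(present, key=present.get) if present else None
    raw = present[driver] if driver else 0
    suppressed_by = [f for f in rule["zero_flags"] if record.get(f) is True]
    return (0 if suppressed_by else raw), driver, suppressed_by


# Constructed sample records (values invented for illustration).
SAMPLE_DOMAIN = {"age_score": 85, "is_new_score": 100, "listing_score": 0,
                 "ns_reputation_score": 40, "ns_entropy_score": None,
                 "is_parked": False, "is_expired": False, "is_sinkholed": False}
SAMPLE_PARKED = dict(SAMPLE_DOMAIN, is_parked=True)
SAMPLE_IP = {"ip_reputation_score": 12, "subnet_reputation_score": 30,
             "asn_reputation_score": 55, "asn_rank_score": 20,
             "listing_score": 0, "known_benign": False}

if __name__ == "__main__":
    for name, rec, rule in [("domain", SAMPLE_DOMAIN, DOMAIN_RULE),
                            ("parked domain", SAMPLE_PARKED, DOMAIN_RULE),
                            ("ipv4", SAMPLE_IP, IPV4_RULE)]:
        score, driver, flags = explain_risk(rec, rule)
        print(f"{name}: sp_risk_score={score} driver={driver} zeroed_by={flags}")
```

A score of 0 returned together with a non-empty flag list means the record was zeroed by a flag, not that its component scores are low, so triage logic that filters on sp_risk_score alone will not see the underlying components.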