Fidelity rating and risk rating.

Advertisement
Hi.
what is difference between fidelity rating and risk rating?
Advertisement

Replay

what is difference between fidelity rating and risk rating?
Signature Fidelity Rating (SFR) - A weight associated with how well a signature might perform in the absence of specific knowledge of the target. The Signature Fidelity Rating is configured per signature and indicates how accurately the signature detects the event or condition it describes.
Signature Fidelity Rating is calculated by the signature author on a per-signature basis. The signature author defines a baseline confidence for the accuracy of the signature in the absence of qualifying intelligence on the target. It represents the confidence that the detected behavior would produce the intended effect on the target platform if the packet under analysis were allowed to be delivered. For example, a signature that is written with very specific rules (specific regular expression) has a higher Signature Fidelity Rating than a signature that is written with generic rules.
Calculated Risk Rating (RR) - A value between 0 and 100  that represents a numerical quantification of the risk associated with a  particular event on the network. Risk Ratings let you prioritize alerts that need  your attention.
The Risk Rating is calculated from  several components, some of which are configured, some collected, and  some derived. The Risk Rating factors take into consideration the  severity of the attack if it succeeds, the fidelity of the signature,  the reputation score of the attacker from the global correlation data,  and the overall value of the target host to you. The full formula used for calculating Risk Rating can be found in Figure 7-2 (Risk Rating Formula) of the Configuration Guide, and the values used are described in more detail in the section above that figure.