Threat Score


#1

Would someone please explain the up-to-date explanation of “threat score” as it relates to creating firewall rules?

Is a threat score of 10 high or low risk? What would be an example of a firewall rule to create high security; then low security?

Would this be a rule to create HIGH security:

If the THREAT SCORE is GREATER THAN 5 then BLOCK access?

If not what would be the correct syntax?

Is a threat score of 10 good, or bad? How about 50?


#2

This field represents a risk score, 0 indicates low risk as determined by Cloudflare. Values above 10 may represent spammers or bots, and values above 40 point to bad actors on the Internet. It is rare to see values above 60, so tune your firewall rules to challenge those above 10, and to block those above 50.


#3

As Sandro’s said, this is a good guide. I would suggest having anything above 5-10 to at least be challenged. That’ll deal with a majority of the spam bots that are out there.


#4

Yes, his post was a good explanation.

I have set one rule to block any threat score greater than 20; and challenge any score greater than 10 but less than 20. It seems to do a good job.

However, I am thinking about going with a challenge to greater than 5 and less than 20. There’s a lot of bad actors out there these days.
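
Added example (not part of any post in this thread): a small Python check that takes the threshold layouts described in posts #2 and #4, renders them as rule expressions, and reports scores that match no rule or more than one rule. It assumes integer scores from 0 to 100 and the field name `cf.threat_score` with `gt`/`ge`/`lt`/`le` operators; neither is stated in the thread.

```python
# Added example, not from the thread. Assumptions: scores are integers
# 0..100, and the rule field is cf.threat_score with gt/ge/lt/le operators.
MAX_SCORE = 100

OPS = {
    "gt": lambda s, n: s > n,
    "ge": lambda s, n: s >= n,
    "lt": lambda s, n: s < n,
    "le": lambda s, n: s <= n,
}

def matches(score, conditions):
    """conditions: list of (operator, threshold), all of which must hold."""
    return all(OPS[op](score, n) for op, n in conditions)

def expression(conditions):
    """Render the conditions in rule-expression form."""
    return "(" + " and ".join(f"cf.threat_score {op} {n}" for op, n in conditions) + ")"

def audit(rules):
    """rules: list of (action, conditions). Returns (gaps, overlaps):
    gaps are scores above the lowest matched score that match no rule;
    overlaps are scores matching more than one rule (order-dependent)."""
    hits = {s: [a for a, c in rules if matches(s, c)] for s in range(MAX_SCORE + 1)}
    matched = [s for s, a in hits.items() if a]
    floor = min(matched) if matched else MAX_SCORE + 1
    gaps = [s for s in range(floor, MAX_SCORE + 1) if not hits[s]]
    overlaps = [s for s, a in hits.items() if len(a) > 1]
    return gaps, overlaps

# Layout from post #4: block above 20, challenge above 10 but below 20.
POST4 = [("block", [("gt", 20)]), ("challenge", [("gt", 10), ("lt", 20)])]
# Thresholds from post #2 written as two open-ended rules.
POST2_OPEN = [("challenge", [("gt", 10)]), ("block", [("gt", 50)])]
# Same thresholds written as mutually exclusive bands.
POST2_BANDS = [("challenge", [("gt", 10), ("le", 50)]), ("block", [("gt", 50)])]

if __name__ == "__main__":
    for name, rules in [("post4", POST4), ("open", POST2_OPEN), ("bands", POST2_BANDS)]:
        gaps, overlaps = audit(rules)
        for action, cond in rules:
            print(f"{name}: {expression(cond)} -> {action}")
        print(f"{name}: unmatched={gaps} overlapping={len(overlaps)} scores")
```

Where scores overlap, the outcome depends on which rule is evaluated first; mutually exclusive bands remove that dependency.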


#5

There are several articles on the internet about threat scores and threat levels:




But there isn’t any page where we can check the exact score for an IP address. Why?