How can we read the Threat Intelligence confidence level?

Stellar Cyber has extended information about where it gets threat intelligence and what the confidence level is for each event.

It represents the threat intelligence sources matched with data inside the interflow record as OBSERVABLE_reputation_source, and the confidence level of the intelligence feed as a threat intelligence score.

If Stellar Cyber found more than one source with threat intelligence, it shows the list of sources and combines the confidence level from the individual sources to reflect an overall threat intelligence score.

You can see a few examples below.

srcip_reputation:TorNode / dstip_reputation_source:ETPro / threat_score 60

dstip_reputation:SpywareCnC / dstip_reputation_source:ETPro / threat_score80