Threat rating calculation is performed based on which factors?
A.
risk rating and adjustment based on the prevention actions taken
B.
threat rating and event action overrides
C.
event action overrides and event action filters
D.
risk rating and target value rating
E.
alert severity and alert actions
Explanation:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps4077/prod_white_paper0 900aecd806e7299.html
Threat rating is a quantitative measure of your network’s threat level after IPS mitigation. The formula for threat rating is:
Threat Rating = Risk Rating – Alert Rating
The values of the alert ratings are listed below.
45: deny-attacker-inline
40: deny-attacker-victim-pair-inline
40: deny-attacker-service-pair-inline
35: deny-connection-inline
35: deny-packet-inline
35: modify-packet-inline
20: request-block-host20: request-block-connection
20: reset-tcp-connection
20: request-rate-limit
For example, if an alert had a risk rating of 100 and the IPS mitigates the event with a deny- attacker-inlineaction, the threat rating would be calculated as:
Threat Rating = Risk Rating – Alert Rating, or 100 – 45 = 55.
Threat rating brings the value of risk rating to a new level. By taking the IPS mitigation action into account, threat rating helps you further focus on the most
important threats that have not been mitigated.