Threat Feeds Measured Performance (12/19/2019 11:25pm to 12/26/2019 11:25pm UTC)

How to interpret these numbers

This page shows the relative performance of the reputation feeds from MineMeld. We rank reputation feed performance in two dimensions: the severity of the kind of malware they are able to detect, and how well they are able to detect any malware.

  • The severity is our estimate of what class of malware was detected. If it is spyware or an undesirable application, its severity is low. If it is a bot designed to hijack your computer, ransomware or any type of malware which will compromise your data, it is ranked 100.
  • The detection rate is calculated over all malware reported in this period. This measures how effective each vendor is with respect to the others.

Bubbles toward the top right represent the best performers.

How we get these numbers

MetaFlows' MineMeld is an open source threat feed management system that gathers IP addresses, URLs, and domains which pose a significant network security threat. The threat feed sources can be free, subscription-based or proprietary. MineMeld re-scans the feeds at regular time intervals and continuously aggregates and updates the set of all threat indicators to be consumed by firewalls, IDS/IPS, or any other security device.

MetaFlows now includes MineMeld public threat feeds to augment our existing intelligence sources. The public threat feeds amount to about 200,000 additional indicators updated every few hours. Users also have the ability to add site-specific (either subscription-based or private) MineMeld sources.

Threat Feed | Avg Priority (avgp) | Total Priority (totp) | Relative Detection Rate (tpr = tph / gh) | Severity (avgp * tpr) | Prevalence (totp * tpr)

The table below the bubble graph shows the sortable raw data. The first column is the invariant extracted from the events. If you have an account with MetaFlows, you can click on certain invariants to see if your sensors have detected it. The other columns should be self-explanatory. Hovering over a bubble or set of overlapping bubbles shows the raw data represented by the bubble(s) selected. This selection is sticky so that you can go to the table and inspect the data or click on the links within the table. To see all rows in the table, click outside any bubble.
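The column formulas above can be reproduced from raw detection events, as in this added example (not MetaFlows' code). It assumes tph is the number of malware events a feed matched and gh is the number of all malware events reported in the period; the page does not define either term, and the event records and feed names are constructed.

```python
from collections import defaultdict

# Constructed sample: (event id, priority 0-100, feeds whose indicators matched).
EVENTS = [
    ("e1", 100, {"feed_a", "feed_b"}),  # ransomware-class event, two feeds matched
    ("e2", 100, {"feed_a"}),
    ("e3", 20, {"feed_b"}),             # low-severity spyware-class event
    ("e4", 60, {"feed_a", "feed_c"}),
    ("e5", 20, set()),                  # malware event that no feed matched
]

def feed_metrics(events):
    """Return {feed: columns} using the formulas in the table header."""
    gh = len(events)  # assumption: global hits = all malware events in the period
    priorities = defaultdict(list)
    for _event_id, priority, feeds in events:
        for feed in feeds:
            priorities[feed].append(priority)

    rows = {}
    for feed, prios in priorities.items():
        tph = len(prios)              # assumption: hits attributed to this feed
        totp = sum(prios)             # Total Priority
        avgp = totp / tph             # Avg Priority
        tpr = tph / gh if gh else 0.0 # Relative Detection Rate
        rows[feed] = {
            "avgp": round(avgp, 2),
            "totp": totp,
            "tpr": round(tpr, 2),
            "severity": round(avgp * tpr, 2),    # one axis of the bubble graph
            "prevalence": round(totp * tpr, 2),
        }
    return rows

def rank_by_severity(rows):
    """Feeds ordered best-first by the Severity column."""
    return sorted(rows, key=lambda f: rows[f]["severity"], reverse=True)

if __name__ == "__main__":
    metrics = feed_metrics(EVENTS)
    for feed in rank_by_severity(metrics):
        print(feed, metrics[feed])
```

Unmatched events such as e5 still count toward gh, so every feed's tpr drops when malware is reported that no feed listed.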