Scoring Model Overview
netbobr uses a four-factor additive scoring model. Each factor measures a different dimension of risk exposure and contributes a bounded number of points to the final score.
The four factors
| Factor | Default Max | What it measures |
|---|---|---|
| Source Breadth | 25 | How wide the source address range is |
| Destination Breadth | 30 | How wide the destination address range is (blast radius) |
| Port Exposure | 25 | How many ports are open and how risky those services are |
| Zone Policy | 20 | Whether the zone matrix allows, reviews, or denies the flow |
The default caps sum to 100, which is also the maximum possible score.
Customizable weights
Factor caps are configurable through the Risk Score Weights panel on the Rules tab. You can redistribute points across the four factors to match your organization's risk priorities - the only constraint is that the four caps must sum to exactly 100.
Score calculation
The final score is computed in three stages:
- Factor scoring - each factor independently produces a raw contribution between 0 and its cap.
- Summation - the four factor contributions are added together.
- Floors and penalties - post-processing rules enforce minimum scores for dangerous patterns (zone policy violations, plaintext protocols, any-any combos) and add penalties where appropriate. See Floors & Penalties for details.
```mermaid
flowchart TD
    A[Input Flow] --> B[Parse IPs / Ports]
    B --> C[Score Source Breadth]
    C --> D[Score Destination Breadth]
    D --> E[Score Port Exposure]
    E --> F[Score Zone Policy]
    F --> G[Sum Raw Score]
    G --> H[Apply Zone Policy Floor]
    H --> I[Apply Plaintext Floor / Penalty]
    I --> J[Apply Any-Any Floor]
    J --> K[Final Score + Label]
```
Risk labels
The final numeric score maps to a label via configurable thresholds. The defaults are:
| Rating | Score Range |
|---|---|
| Low | 0 - 25 |
| Medium | 26 - 50 |
| High | 51 - 75 |
| Critical | 76 - 100 |
These labels appear on risk score badges throughout the UI and in exported results.
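The three stages and the label mapping described on this page, as an added Python example (not netbobr's own code). The function names are hypothetical, the floor and penalty point values are passed in by the caller because this page does not list them, and the final clamp to 100 is an assumption based on 100 being the stated maximum score.

```python
# Default caps and label thresholds as listed on this page.
DEFAULT_CAPS = {"source": 25, "destination": 30, "port": 25, "zone": 20}
DEFAULT_LABELS = [(25, "Low"), (50, "Medium"), (75, "High"), (100, "Critical")]


def validate_caps(caps):
    """Reject weight sets that break the 'must sum to exactly 100' rule."""
    if set(caps) != set(DEFAULT_CAPS):
        raise ValueError("caps must define exactly the four factors")
    # Assumption: caps are non-negative (the page only states the sum rule).
    if any(c < 0 for c in caps.values()) or sum(caps.values()) != 100:
        raise ValueError("caps must be non-negative and sum to exactly 100")


def label_for(score, labels=DEFAULT_LABELS):
    """Map a 0-100 score to its rating using inclusive upper bounds."""
    for upper, name in labels:
        if score <= upper:
            return name
    raise ValueError("score above the highest threshold")


def final_score(raw, post_steps=(), caps=DEFAULT_CAPS):
    """raw: factor name -> raw contribution.
    post_steps: ordered ("floor" | "penalty", points) pairs for the rules that
    fired, in flowchart order (zone policy, plaintext, any-any)."""
    validate_caps(caps)
    # Stages 1-2: bound each contribution to [0, cap], then sum.
    score = sum(min(max(raw.get(f, 0), 0), cap) for f, cap in caps.items())
    # Stage 3: a floor raises the score to a minimum; a penalty adds points.
    for kind, points in post_steps:
        if kind == "floor":
            score = max(score, points)
        elif kind == "penalty":
            score += points
        else:
            raise ValueError(f"unknown post-processing step: {kind}")
    score = min(score, 100)  # assumption: 100 stays the ceiling after penalties
    return score, label_for(score)
```

A flow whose factors sum to a Low score can still come out High or Critical once a floor fires, which is why stage 3 runs after summation rather than as a fifth factor.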