What is Musubu


Musubu is a web service API that provides information on known IP addresses plus cyber threat judgments and details on associated, observed malicious activity and their volumes. 

How Does it Work?

Using a variety of IP and cyber data sets created for use in the U.S. government, Musubu provides details on potential cyber threats associated with an IP address plus a measurement of the IP's overall threat/risk rating.

The threat score is assigned using the following logic:

if(fom > 70)
            return "High";
        if(fom > 40)
            return "Medium";
        if((fom <= 20) && (blclass.equalsIgnoreCase("unlisted")))
            return "Low";
        return "Nuisance";

"Nuisance" is the default, 20 to 39, <20 is Low, 40 to 70 is Medium, >70 is High
The scoring and ranges are entirely in Musubu.
The scores are also ephemeral, based on the latest set of observations in the DB
We calculate them on demand, the score isn't in the DB at any point

The scores are calculated using a weighted sum based on the blacklist class threat level (combination of inputs from PF, KN, and SW), ticpi score of the country of origin, and the number of "threatening neighbors" in that CIDR block.
How this is done is our proprietary analytics or “secret sauce”.