- Find a way to change the threat level based on some scale - The llm summarizer might be able to detect this - We can have some score the is higher if the ports are more; eg the score = number_of_ports * confidence or something - Check how the portscans are generated, the algorithm and we need to do something about it