This article describes the Intelligence Card Extension for FIRST EPSS.
About FIRST and EPSS
FIRST is a Forum of Incident Response and Security Teams. Since 1990, when FIRST was founded, its members have resolved an almost continuous stream of security-related attacks and incidents, including handling thousands of security vulnerabilities affecting nearly all of the millions of computer systems and networks throughout the world connected by the ever-growing Internet. More information is available at https://www.first.org/about/.
The Exploit Prediction Scoring System (EPSS) is an open, data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. The EPSS model produces a probability score between 0 and 1 (0% and 100%). The higher the score, the greater the probability that a vulnerability will be exploited (in the next 30 days). Please see https://www.first.org/epss/ for more information.
This extension is freely available for any Threat Intelligence, SecOps, or Vulnerability Intelligence module clients to use. Please also see the Getting Started With Intelligence Card Extensions page if you're interested in enabling this extension.
Extending Vulnerability Intelligence Cards
This extension shows the EPSS score (technically a value from 0-1) for a given vulnerability as a percentage (shown in the extension from 0.0-100.0). It also shows the Percentile of the current score: the proportion of all scored vulnerabilities with the same or a lower EPSS score.
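The difference between the two values is easiest to see on a small population. The following Python sketch is an added example, not the extension's own code: the CVE IDs and scores are constructed placeholders, and the function names `percentile_of` and `card_fields` are hypothetical.

```python
from bisect import bisect_right

# Constructed sample: EPSS scores (0-1) for a tiny, made-up population of
# scored vulnerabilities. IDs and values are placeholders, not real EPSS data.
SAMPLE_SCORES = {
    "CVE-0000-0001": 0.00043,
    "CVE-0000-0002": 0.00043,
    "CVE-0000-0003": 0.00210,
    "CVE-0000-0004": 0.01500,
    "CVE-0000-0005": 0.08700,
    "CVE-0000-0006": 0.41000,
    "CVE-0000-0007": 0.41000,
    "CVE-0000-0008": 0.97300,
}


def percentile_of(score, population):
    """Proportion (0-1) of scored vulnerabilities with the same or a lower score."""
    ordered = sorted(population)
    if not ordered:
        raise ValueError("population of scores is empty")
    # bisect_right counts every entry <= score, so tied scores are included.
    return bisect_right(ordered, score) / len(ordered)


def card_fields(cve_id, scores):
    """Return the score as a percentage (0.0-100.0) and its percentile (0-1)."""
    if cve_id not in scores:
        raise KeyError(f"{cve_id} has no EPSS score")
    score = scores[cve_id]
    if not 0.0 <= score <= 1.0:
        raise ValueError(f"EPSS score out of range: {score}")
    return {
        "cve": cve_id,
        "epss_percent": round(score * 100, 1),
        "percentile": round(percentile_of(score, scores.values()), 3),
    }


if __name__ == "__main__":
    for cve in SAMPLE_SCORES:
        print(card_fields(cve, SAMPLE_SCORES))
```

In this constructed population a score that rounds to 0.0% still sits at the 0.25 percentile, and a 41.0% score ranks at 0.875, which is why the two figures should be read together when prioritizing.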
Example (for CVE-2010-2568):