Skip to main content

FIRST Exploit Prediction Scoring System (EPSS)

The Exploit Prediction Scoring System (EPSS) by the Forum of Incident Response and Security Teams (FIRST) is an open, data-driven effort for estimating the probability of a software vulnerability being exploited. You can bring these findings into Brinqa to construct a unified view of your attack surface.

This document details the information you must provide for the connector to authenticate with FIRST EPSS and how to obtain that information from FIRST EPSS. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select FIRST Exploit Prediction Scoring System from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to integrate FIRST EPSS with Brinqa:

  • API URL: The FIRST EPSS API Server URL. The default URL is https://api.first.org.

Additional settings

The FIRST EPSS connector contains additional options for specific configuration:

  • Set page size: The maximum number of records to get per API request. The default setting is 1000.

  • Parallel requests: The maximum number of parallel API requests. The default setting is 2.

Types of data to retrieve

The FIRST EPSS connector retrieves the following types of data from the EPSS API:

Connector ObjectRequiredMaps to Data Model
EPSSYesCVE record
info

The FIRST EPSS connector does not currently support operation options for the types of data it retrieves.

For detailed steps on how to view the data retrieved from FIRST EPSS in the Brinqa Platform, see How to view your data.

APIs

The FIRST EPSS connector uses the EPSS API. Specifically, it uses the following endpoint:

  • https://api.first.org/data/v1/epss

Changelog

The FIRST EPSS connector has undergone the following changes:

3.0.3

  • Upgraded to the latest Connector Framework.

3.0.2

  • Updated the UID mappings.

3.0.1

  • Changed the EPSS score and percentile to a scale of 0 to 100.

3.0.0