# Exploit Prediction Scoring System (EPSS)

The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. The EPSS model produces a **probability score** between 0 and 1 (0 and 100%) for all CVE vulnerabilities. The higher the score, the greater the probability that a vulnerability will be exploited. Additionally **percentiles** are calculated, which are a direct transformation from probabilities and provide a measure of an EPSS probability relative to all other scores. That is, the percentile is the proportion of all values less than or equal to the current rank. A good overview of EPSS scores and EPSS percentiles is given in Probability, Percentiles, and Binning - How to understand and interpret EPSS Scores. The EPSS data is updated daily.

SecObserve imports the EPSS data and updates all observations with a CVE value with the EPSS score and EPSS percentile regularly. After an import of a vulnerability scan, all observations with a CVE number contained in the import are updated with the EPSS score and EPSS percentile as well.

## Configuration

Per default the task to import the EPSS data and update the observations is scheduled to run every night at 03:00 UTC time. This default can be changed by administrators via the admin user interface. The expressions for `BACKGROUND_EPSS_IMPORT_CRONTAB_MINUTES`

and `BACKGROUND_EPSS_IMPORT_CRONTAB_HOURS`

have to be valid values according to https://huey.readthedocs.io/en/latest/api.html#crontab:

`*`

= every distinct value (every minute, every hour)`*/n`

= run every`n`

times, i.e. hours=’*/4’ == 0, 4, 8, 12, 16, 20`n`

= run every`n`

(minutes 0 - 60, hours 0 - 24)`m-n`

= run every time m..n`m,n`

= run on m and n

Hours are always in UTC time.