How to Prioritize Vulnerabilities with Attaxion Using CISA KEV and EPSS

You can use the CISA KEV status in the Issues catalog to prioritize vulnerabilities. You can also check each CVE-associated issue’s EPSS score to evaluate exploitation risk.

Filtering Vulnerabilities That Are Exploited in the Wild

In Attaxion, on the left menu, go to Issues and click All Issues. Toggle the filter option on the CISA KEV status column and select Detected.

[Screenshot ATX-1: All Issues list filtered by CISA KEV status = Detected]

You now see only the issues that are marked as CISA KEV (known exploited vulnerabilities).

Using EPSS for Prioritization

To see which vulnerabilities are the most pressing, click an issue with a known CVE (not necessarily a CISA KEV issue) to open its details. At the top, you’ll find the EPSS score and percentile.

EPSS (Exploit Prediction Scoring System) estimates the likelihood that a particular issue will be exploited in the wild. The EPSS score is calculated by an AI engine that takes into account multiple factors such as exploit availability, ease of exploitation, severity, and more.

Attaxion displays the EPSS score as a number between 0 and 1. The higher the number, the more likely it is that the vulnerability will be exploited.

The EPSS percentiles are derived from the EPSS scores. A percentile shows where an issue's EPSS score ranks relative to the scores of all other scored vulnerabilities, so it gives a relative measure rather than an absolute probability.
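The following Python script is an added example, not Attaxion's own code, that mirrors the two steps above on a constructed issue list: it filters CISA KEV issues, ranks the catalog with KEV issues first and higher EPSS next, and derives a percentile from the full set of scores. The Issue fields, the CVE identifiers and the scores are placeholders made up for the example.

```python
from dataclasses import dataclass


@dataclass
class Issue:
    """One CVE-associated issue in a catalog (constructed shape, not an Attaxion record)."""
    issue_id: str
    cve: str
    cisa_kev: bool       # True when the CVE is on the CISA Known Exploited Vulnerabilities list
    epss_score: float    # EPSS probability of exploitation, between 0 and 1


# Constructed sample catalog; CVE ids and scores are placeholders, not real data.
SAMPLE_ISSUES = [
    Issue("ISS-1", "CVE-0000-0001", False, 0.02),
    Issue("ISS-2", "CVE-0000-0002", True, 0.45),
    Issue("ISS-3", "CVE-0000-0003", False, 0.91),
    Issue("ISS-4", "CVE-0000-0004", True, 0.10),
    Issue("ISS-5", "CVE-0000-0005", False, 0.00),
]


def filter_kev(issues: list[Issue]) -> list[Issue]:
    """Equivalent of the 'CISA KEV status = Detected' filter: keep only known exploited issues."""
    return [i for i in issues if i.cisa_kev]


def epss_percentile(score: float, all_scores: list[float]) -> float:
    """Percentile of one EPSS score: the share of all scores that are less than or equal to it.
    This is how a percentile is derived from the set of scores rather than from the score alone."""
    if not all_scores:
        raise ValueError("need at least one score to compute a percentile")
    return sum(1 for s in all_scores if s <= score) / len(all_scores)


def priority_key(issue: Issue) -> tuple:
    """Sort key: confirmed exploitation (KEV) outranks any EPSS estimate; then higher EPSS first."""
    return (0 if issue.cisa_kev else 1, -issue.epss_score)


def prioritize(issues: list[Issue]) -> list[Issue]:
    """Return the catalog ordered from most to least pressing."""
    return sorted(issues, key=priority_key)


if __name__ == "__main__":
    scores = [i.epss_score for i in SAMPLE_ISSUES]
    for issue in prioritize(SAMPLE_ISSUES):
        pct = epss_percentile(issue.epss_score, scores)
        print(f"{issue.issue_id} {issue.cve} kev={issue.cisa_kev} "
              f"epss={issue.epss_score:.2f} percentile={pct:.2f}")
```

Note that a non-KEV issue with a high EPSS score (ISS-3 here) still ranks above KEV issues only once you remove the KEV-first rule, so the key encodes the policy decision, not just the numbers.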