Understanding the Exploit Prediction Scoring System (EPSS) integration

  • Release version: Australia
  • Updated: March 12, 2026
  • Reading time: 5 minutes
  • Overview of the EPSS integration with Vulnerability Response.

    Request apps on the Store

    Visit the ServiceNow Store to view all the available apps, and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    Overview

    The Exploit Prediction Scoring System (EPSS) integration imports EPSS data related to common vulnerabilities and exposures (CVEs) from First.org to help you prioritize and remediate vulnerabilities. For more information, see https://www.first.org. EPSS is a data-driven effort for estimating the likelihood (probability) that a software vulnerability will be exploited in the wild. The EPSS model produces a probability score between 0 and 1 (0% and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

    Data imported by the EPSS integration further enriches the NVD data in your instance. If an NVD record is not present for a CVE, the integration creates a placeholder record in the CVE table and adds the EPSS details to that record. Run this integration as part of your initial setup of Vulnerability Response and prior to importing vulnerability data into your instance with a third-party scanner product.

    Important:
    There is a configured run-as user for each integration record. The default value for this user is VR.System. Do not change this value.

    Initial import of data with the EPSS integration

    1. Perform an initial import of EPSS data with the First.org EPSS Integration. For more information, see Configure and run a scheduled job to update CVE records with EPSS data.
      Important:
      By default, EPSS updates are performed daily from the integration record. You must configure the integration if you want it to run as a scheduled job.
    2. Third-party libraries are updated as scheduled jobs. For more information, see Importing data with the NVD and CWE integrations and managing third-party libraries.
      Important:
      It is recommended to run the NIST National Vulnerability Database Integration - API (CVE only) integration before the EPSS integration.
    Perform the EPSS imports prior to importing vulnerability data with a third-party product. Third-party libraries are updated as scheduled jobs. Refer to your integration documentation at Vulnerability Response integrations for more information about third-party integrations.
    Important:
    The following integration is included in the base system. The integration is active by default.

    After the initial run, base system scheduled jobs run the integrations automatically in order. You can also execute individual scheduled jobs manually. Scheduled jobs simplify the vulnerability remediation life cycle by keeping the instance synchronized with other vulnerability management systems.

    On activation of the EPSS integration, the EPSS Score, EPSS Percentile, and EPSS Last Modified fields are added to the Vulnerability Entries table. For existing CVEs, these fields are updated automatically on successful completion of the initial import job. If new CVEs are added to the Vulnerability Entries table after the completion of the EPSS scheduled job, the newly added CVEs indicate their source as EPSS. The scores are rolled up to existing TPEs from CVEs from the NVD table, using the base system Rollup EPSS score from NVD to TPEs calculator. You can also modify the calculator. For more information, see Vulnerability Response Rollup Calculators.
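
The enrichment behavior described in the Overview and in the paragraph above, sketched as an added example (not ServiceNow code or part of the product): existing CVE records receive the three EPSS fields, and CVEs without an NVD record get a placeholder whose source is EPSS. The dictionary keys, function names, and sample feed are assumptions made for illustration; the feed is a constructed sample in the layout of the First.org daily CSV.

```python
import csv
import re

# Constructed sample in the layout of the First.org EPSS daily CSV:
# a '#' metadata line, a header row, then one row per CVE.
SAMPLE_FEED = """#model_version:v0.0-sample,score_date:2026-03-12T00:00:00+0000
cve,epss,percentile
CVE-2024-0001,0.94210,0.99900
CVE-2024-0002,0.00043,0.08100
CVE-2024-0003,1.70000,0.50000
CVE-2024-0004,not-a-number,0.10000
"""

def parse_epss_feed(text):
    """Return (score_date, rows); rows with invalid probabilities are dropped."""
    lines = text.splitlines()
    score_date = None
    if lines and lines[0].startswith("#"):
        m = re.search(r"score_date:([^,\s]+)", lines[0])
        score_date = m.group(1) if m else None
        lines = lines[1:]
    rows = []
    for rec in csv.DictReader(lines):
        try:
            score, pct = float(rec["epss"]), float(rec["percentile"])
        except (KeyError, TypeError, ValueError):
            continue  # malformed row: skip instead of storing a bad score
        # EPSS score and percentile are both values between 0 and 1.
        if 0.0 <= score <= 1.0 and 0.0 <= pct <= 1.0:
            rows.append((rec["cve"].strip().upper(), score, pct))
    return score_date, rows

def enrich(cve_table, text):
    """Update existing CVE records; create EPSS-sourced placeholders for the rest."""
    score_date, rows = parse_epss_feed(text)
    created = []
    for cve, score, pct in rows:
        if cve not in cve_table:
            cve_table[cve] = {"source": "EPSS"}  # placeholder, no NVD data yet
            created.append(cve)
        cve_table[cve].update(epss_score=score, epss_percentile=pct,
                              epss_last_modified=score_date)
    return created

if __name__ == "__main__":
    table = {"CVE-2024-0001": {"source": "NVD"}}  # hypothetical existing record
    print(enrich(table, SAMPLE_FEED), table)
```

Rows with a score outside the 0 to 1 range or a non-numeric value are dropped before they reach the table, so a corrupted feed cannot skew prioritization.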