Release Notes

Announcing new features in the Seemplicity platform

Written by Alon Prigat
Updated over a week ago

EPSS Support

Seemplicity now supports filtering for vulnerabilities based on EPSS percentile.

What is EPSS

EPSS is a vulnerability scoring system based on the likelihood that a vulnerability will be exploited. Using machine learning, the model assigns a probability score between 0 and 1 (0% and 100%) to all CVEs, and the higher the score, the greater the chances that the vulnerability will be exploited.

EPSS vs CVSS

CVSS has been around for a while and is used to measure the severity of a vulnerability. However, it does not take into account whether or not the vulnerability can be exploited. For example, if there is no PoC, the vulnerability might be critical, but not realistically exploitable.

In contrast, EPSS assesses how likely a vulnerability is to be exploited, with severity playing only a partial role in the calculation. Severity alone is not enough for a vulnerability to score in the 99th percentile.

Implementing EPSS in Seemplicity

Seemplicity collects all of the EPSS scores once a week from first.org. Each Finding is assigned the EPSS of the relevant CVE - if there's more than one CVE for a given Finding, it is given the highest EPSS score out of the CVEs.

To search for Findings based on the EPSS percentile, you can create a Filter using the EPSS Percentile field.

Using the above Filter, you would then have the top 0.5% of Findings in your environment.
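The scoring and filtering described above can be reproduced offline to sanity-check what such a filter should return. The following is an added example, not Seemplicity's code: the CVE ids, finding names and scores are constructed, the CSV layout (a `#` metadata line, then `cve,epss,percentile`) is assumed to match the FIRST.org export, and the 0.995 threshold is an assumed stand-in for a "top 0.5%" filter.

```python
import csv
import io

# Constructed sample in the assumed layout of the FIRST.org EPSS CSV export:
# a '#' metadata line, a header row, then one row per CVE.
# CVE ids and values are made up for illustration.
SAMPLE_EPSS_CSV = """#model_version:sample,score_date:sample
cve,epss,percentile
CVE-0000-0001,0.97100,0.99900
CVE-0000-0002,0.00210,0.58000
CVE-0000-0003,0.45000,0.97200
CVE-0000-0004,0.00050,0.12000
"""

# Constructed findings: finding id -> CVEs attached to it.
SAMPLE_FINDINGS = {
    "finding-a": ["CVE-0000-0001", "CVE-0000-0002"],
    "finding-b": ["CVE-0000-0003", "CVE-0000-0004"],
    "finding-c": ["CVE-0000-0009"],  # CVE missing from the feed
    "finding-d": [],                 # finding with no CVE at all
}

def load_epss(text):
    """Return {cve: (epss, percentile)}, skipping '#' metadata lines."""
    rows = (line for line in io.StringIO(text) if not line.startswith("#"))
    return {r["cve"]: (float(r["epss"]), float(r["percentile"]))
            for r in csv.DictReader(rows)}

def score_findings(findings, epss):
    """Give each finding the highest EPSS among its CVEs, or None if unscored."""
    scored = {}
    for fid, cves in findings.items():
        known = [(epss[c][0], epss[c][1], c) for c in cves if c in epss]
        scored[fid] = max(known) if known else None  # max compares EPSS first
    return scored

def filter_by_percentile(scored, min_percentile):
    """Keep findings whose EPSS percentile is at or above the threshold."""
    return sorted(fid for fid, s in scored.items()
                  if s is not None and s[1] >= min_percentile)

if __name__ == "__main__":
    scored = score_findings(SAMPLE_FINDINGS, load_epss(SAMPLE_EPSS_CSV))
    print(scored)
    print(filter_by_percentile(scored, 0.995))
```

Findings whose CVEs are absent from the feed come back unscored rather than as zero, so they can be reviewed separately instead of silently dropping out of a percentile filter.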

Within the Findings, you can see more information about the relevant CVEs, the EPSS Percentile, and EPSS Score. For example, in the following Finding for a Flash Player vulnerability, you can see that there are numerous CVEs and the Finding is in the top 0.1%.

Recommendations

While EPSS can be used effectively in your ongoing vulnerability management, Seemplicity recommends that you use it in tandem with other Seemplicity filters, as well as your external threat intel feeds.


Scopes Overview Graph

A new graph presenting an overview of all of your scopes has been released. The Scopes Overview graph shows you all of the Groups in your organization, how many critical Findings each Scope/Group has, the total Findings divided by severity, and more. This graph gives you an easy way to see which Scopes/Groups in your organization have the most activity, which are being hit the hardest with potentially dangerous attacks, and more.

In addition, you can see which of your teams has resolved the most tickets, which have the largest backlog, etc.

Status Rules for Findings

You can now create rules that will automatically change the status for Findings that are ingested based on a specific Filter and Scope. This enables you to reduce noise by automating the remediation flow for a set of Findings.

Note: The Scoring Rules and SLA Rules pages were also moved from Settings to Rules.

For example, all Findings with a given tag, e.g. Archived, can automatically be given the status Ignored so your security teams won't waste time on these items.

Also, you can create a rule for Findings of a specific type or title to be changed to an Exception. Within the rule, you can determine for how long the Findings stay as an exception.

In addition, you can change the status of an Exception if any of the following events occur:

  • Finding becomes fixable - a Finding that previously did not have a fix now has a fix available.

  • Finding exploitability changed - a Finding that was previously only theoretical now has a PoC, or has been exploited in the wild.

  • Finding severity increased - a Finding that was previously considered less severe has now increased in severity.


November Release

Scope Enhancements

We’ve upgraded the Scope Experience to improve its visibility, functionality and management.


Now it’s easier to see from which resources the Scope is built, change scope content, and search for resources. In addition, we’ve added breadcrumbs that enable you to see where in the Scope hierarchy tree your current scope is. Also, you can create a “draft” scope that is not saved and will facilitate playing with the different options until you find what you are looking for.

Unsaved changes to existing Scopes are clearly indicated with an * next to the Scope name.
