partly or unimplemented features - now implemented

This commit is contained in:
master
2026-02-09 08:53:51 +02:00
parent 1bf6bbf395
commit 4bdc298ec1
674 changed files with 90194 additions and 2271 deletions


@@ -166,6 +166,57 @@ public interface ICvssKevSources
---
## 4.4 Exploit Maturity Service
The **ExploitMaturityService** consolidates multiple exploitation signals into a unified maturity level for risk prioritization.
### Maturity Taxonomy
| Level | Description | Evidence |
|-------|-------------|----------|
| `Unknown` | No exploitation intelligence available | No signals or below thresholds |
| `Theoretical` | Exploit theoretically possible | Low EPSS (<10%) |
| `ProofOfConcept` | PoC exploit exists | Moderate EPSS (10-40%) |
| `Active` | Active exploitation observed | High EPSS (40-80%), in-the-wild reports |
| `Weaponized` | Weaponized exploit in campaigns | Very high EPSS (>80%), KEV listing |
### Signal Sources
```csharp
public interface IExploitMaturityService
{
Task<ExploitMaturityResult> AssessMaturityAsync(string cveId, CancellationToken ct);
Task<ExploitMaturityLevel?> GetMaturityLevelAsync(string cveId, CancellationToken ct);
Task<IReadOnlyList<MaturityHistoryEntry>> GetMaturityHistoryAsync(string cveId, CancellationToken ct);
}
```
**Signal aggregation:**
1. **EPSS** - Maps probability score to maturity level via thresholds
2. **KEV** - CISA Known Exploited Vulnerabilities → `Weaponized`
3. **InTheWild** - Threat intel feeds → `Active`
### EPSS Threshold Mapping
| EPSS Score | Maturity Level |
|------------|----------------|
| ≥ 0.80 | Weaponized |
| ≥ 0.40 | Active |
| ≥ 0.10 | ProofOfConcept |
| ≥ 0.01 | Theoretical |
| < 0.01 | Unknown |
### Exploit Maturity API Endpoints
```
GET /exploit-maturity/{cveId} → ExploitMaturityResult
GET /exploit-maturity/{cveId}/level → { level: "Active" }
GET /exploit-maturity/{cveId}/history → { entries: [...] }
POST /exploit-maturity/batch { cveIds: [...] } → { results: [...] }
```
---
## 5) REST API (RiskEngine.WebService)
All under `/api/v1/risk`. Auth: **OpTok**.
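Review bot: In the Maturity Taxonomy table the `Theoretical` row gives "Low EPSS (<10%)", but the EPSS Threshold Mapping table sends scores below 0.01 to `Unknown`, so the two tables disagree for scores under 1%. Suggest changing the taxonomy row to "Low EPSS (1-10%)" and stating that the percentage bands are lower-bound inclusive, matching the `≥` in the mapping table. The Signal aggregation list does not say how conflicting signals combine (for example a KEV-listed CVE whose EPSS score is below 0.10); one sentence stating the rule, such as taking the highest level any signal yields if that is the intent, would remove the ambiguity. The "Signal Sources" heading sits directly above the `IExploitMaturityService` interface rather than the list of sources, so either rename it or move the interface under its own heading. The endpoint block also does not say whether these routes live under `/api/v1/risk` with OpTok auth like section 5, or whether `POST /exploit-maturity/batch` caps the size of `cveIds`; both should be documented here.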