# EPSS Risk Band Mapping
## Module
RiskEngine
## Status
IMPLEMENTED
## Description
EPSS provider with bundle loading, fetching, and risk band mapping that converts EPSS probabilities into actionable risk categorizations.
## Implementation Details
- **EPSS Provider**: `src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/EpssProvider.cs` (implements `IRiskScoreProvider`) -- converts EPSS probability scores into risk band categorizations (Critical, High, Medium, Low) using configurable thresholds.
- **EPSS Bundle Loader**: `src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/EpssBundleLoader.cs` -- loads EPSS score bundles from local files or cached downloads for offline operation.
- **EPSS Fetcher**: `src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/EpssFetcher.cs` -- fetches EPSS score data from the FIRST.org EPSS API for periodic updates.
- **EPSS Sources Interface**: `src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/IEpssSources.cs` -- data source contract for EPSS score lookups.
- **In-Memory Result Store**: `src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Infrastructure/Stores/InMemoryRiskScoreResultStore.cs` (implements `IRiskScoreResultStore`) -- in-memory store for computed risk scores with EPSS band mappings.
- **Risk Score Result Store Interface**: `src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Services/IRiskScoreResultStore.cs` -- persistence contract for risk score results.
- **Tests**: `src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests/EpssBundleTests.cs`, `RiskEngineApiTests.cs`
## E2E Test Plan
- [ ] Load an EPSS bundle via `EpssBundleLoader` and query the score for a known CVE; verify the returned probability matches the bundle data
- [ ] Map an EPSS probability of 0.95 and verify it is categorized as "Critical" risk band
- [ ] Map an EPSS probability of 0.01 and verify it is categorized as "Low" risk band
- [ ] Verify bundle loading from file: place an EPSS CSV bundle in the expected path and confirm `EpssBundleLoader` loads it without network access
- [ ] Verify the EPSS fetcher downloads fresh data and the bundle loader caches it for subsequent offline lookups
- [ ] Combine EPSS with CVSS: compute a risk score using both EPSS and CVSS providers and verify the combined score reflects both signals
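The following is an added illustration of the two pieces described above (the threshold-driven band mapping from the Implementation Details and the bundle load plus 0.95/0.01 checks from the E2E Test Plan). It is not code from the StellaOps RiskEngine; the type names (`EpssRiskBandMapper`, `EpssBundle`), the threshold values, and the sample bundle rows are assumptions. The only thing taken as given is the FIRST.org EPSS CSV layout: a leading `#model_version:...,score_date:...` comment line, a `cve,epss,percentile` header row, then one row per CVE.

```csharp
// Added example (not the StellaOps RiskEngine source): an EPSS risk band mapper with
// configurable thresholds and a minimal parser for the FIRST.org EPSS CSV bundle.
// Threshold values, type names and the sample rows below are assumptions.
using System;
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using System.Linq;

public enum EpssRiskBand { Low, Medium, High, Critical }

// One entry per band: a probability is assigned to the highest band whose
// MinProbability it meets. The page says thresholds are configurable, not what
// they are, so these defaults are assumed.
public sealed record EpssBandThreshold(EpssRiskBand Band, double MinProbability);

public static class EpssRiskBandMapper
{
    public static readonly IReadOnlyList<EpssBandThreshold> DefaultThresholds = new[]
    {
        new EpssBandThreshold(EpssRiskBand.Critical, 0.70),
        new EpssBandThreshold(EpssRiskBand.High,     0.30),
        new EpssBandThreshold(EpssRiskBand.Medium,   0.05),
        new EpssBandThreshold(EpssRiskBand.Low,      0.00),
    };

    public static EpssRiskBand Map(double probability, IReadOnlyList<EpssBandThreshold> thresholds = null)
    {
        // EPSS is a probability in [0, 1]; anything else is a data error, not "Low".
        if (double.IsNaN(probability) || probability < 0.0 || probability > 1.0)
            throw new ArgumentOutOfRangeException(nameof(probability), probability, "EPSS must be in [0, 1].");

        foreach (var t in (thresholds ?? DefaultThresholds).OrderByDescending(t => t.MinProbability))
            if (probability >= t.MinProbability) return t.Band;
        return EpssRiskBand.Low; // only reached if no configured threshold starts at 0
    }
}

public sealed class EpssBundle
{
    private readonly Dictionary<string, (double Epss, double Percentile)> _scores =
        new Dictionary<string, (double, double)>(StringComparer.OrdinalIgnoreCase);

    public string ModelVersion { get; private set; }
    public string ScoreDate { get; private set; }
    public int Count => _scores.Count;

    // Parses the FIRST.org EPSS CSV layout: "#model_version:...,score_date:..." comment,
    // then the "cve,epss,percentile" header, then one row per CVE.
    public static EpssBundle Parse(TextReader reader)
    {
        var bundle = new EpssBundle();
        var headerSeen = false;
        string line;
        while ((line = reader.ReadLine()) != null)
        {
            if (line.Length == 0) continue;
            if (line.StartsWith("#", StringComparison.Ordinal))
            {
                foreach (var kv in line.TrimStart('#').Split(','))
                {
                    var parts = kv.Split(new[] { ':' }, 2); // value may itself contain ':' (timestamp)
                    if (parts.Length != 2) continue;
                    if (parts[0] == "model_version") bundle.ModelVersion = parts[1];
                    else if (parts[0] == "score_date") bundle.ScoreDate = parts[1];
                }
                continue;
            }
            if (!headerSeen) { headerSeen = true; continue; }
            var cols = line.Split(',');
            if (cols.Length < 3) throw new FormatException($"Malformed EPSS row: '{line}'");
            var epss = double.Parse(cols[1], CultureInfo.InvariantCulture);
            var pct = double.Parse(cols[2], CultureInfo.InvariantCulture);
            bundle._scores[cols[0].Trim()] = (epss, pct);
        }
        return bundle;
    }

    public bool TryGetScore(string cveId, out double epss)
    {
        if (_scores.TryGetValue(cveId, out var entry)) { epss = entry.Epss; return true; }
        epss = 0.0;
        return false;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample bundle in the FIRST.org layout; the CVE ids are placeholders.
        const string sampleCsv =
            "#model_version:v2023.03.01,score_date:2024-01-01T00:00:00+0000\n" +
            "cve,epss,percentile\n" +
            "CVE-0000-0001,0.95000,0.99900\n" +
            "CVE-0000-0002,0.01000,0.35000\n";

        var bundle = EpssBundle.Parse(new StringReader(sampleCsv));
        Console.WriteLine($"Loaded {bundle.Count} scores, model {bundle.ModelVersion}, dated {bundle.ScoreDate}");

        foreach (var id in new[] { "CVE-0000-0001", "CVE-0000-0002", "CVE-0000-0003" })
        {
            if (bundle.TryGetScore(id, out var epss))
                Console.WriteLine($"{id}: epss={epss:F3} band={EpssRiskBandMapper.Map(epss)}");
            else
                Console.WriteLine($"{id}: not in bundle (no EPSS signal; do not silently treat as Low)");
        }
    }
}
```

With the assumed thresholds, 0.95 maps to Critical and 0.01 to Low, matching the two checks in the test plan. Two design points worth keeping whatever thresholds are configured: an EPSS value outside [0, 1] is rejected rather than mapped, and a CVE missing from the bundle is reported as "no signal" instead of defaulting to the lowest band, since a stale or partial bundle would otherwise quietly downgrade findings.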