git.stella-ops.org/docs/features/unchecked/riskengine/epss-risk-band-mapping.md

EPSS Risk Band Mapping

Module

RiskEngine

Status

IMPLEMENTED

Description

EPSS provider with bundle loading, fetching, and risk band mapping that converts EPSS probabilities into actionable risk categorizations.

Implementation Details

  • EPSS Provider: src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/EpssProvider.cs (implements IRiskScoreProvider) -- converts EPSS probability scores into risk band categorizations (Critical, High, Medium, Low) using configurable thresholds.
  • EPSS Bundle Loader: src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/EpssBundleLoader.cs -- loads EPSS score bundles from local files or cached downloads for offline operation.
  • EPSS Fetcher: src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/EpssFetcher.cs -- fetches EPSS score data from the FIRST.org EPSS API for periodic updates.
  • EPSS Sources Interface: src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Providers/IEpssSources.cs -- data source contract for EPSS score lookups.
  • In-Memory Result Store: src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Infrastructure/Stores/InMemoryRiskScoreResultStore.cs (implements IRiskScoreResultStore) -- in-memory store for computed risk scores with EPSS band mappings.
  • Risk Score Result Store Interface: src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Core/Services/IRiskScoreResultStore.cs -- persistence contract for risk score results.
  • Tests: src/RiskEngine/StellaOps.RiskEngine/StellaOps.RiskEngine.Tests/EpssBundleTests.cs, RiskEngineApiTests.cs

E2E Test Plan

  • Load an EPSS bundle via EpssBundleLoader and query the score for a known CVE; verify the returned probability matches the bundle data
  • Map an EPSS probability of 0.95 and verify it is categorized as "Critical" risk band
  • Map an EPSS probability of 0.01 and verify it is categorized as "Low" risk band
  • Verify bundle loading from file: place an EPSS CSV bundle in the expected path and confirm EpssBundleLoader loads it without network access
  • Verify the EPSS fetcher downloads fresh data and the bundle loader caches it for subsequent offline lookups
  • Combine EPSS with CVSS: compute a risk score using both EPSS and CVSS providers and verify the combined score reflects both signals
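The band-mapping rule described under Implementation Details and exercised by the 0.95 / 0.01 cases in the test plan, as an added, illustrative example (not the RiskEngine code itself): it parses an offline EPSS CSV bundle in the layout FIRST.org publishes (a '#' metadata line followed by a cve,epss,percentile header), validates the configurable thresholds, and maps probabilities to bands. The threshold values, the sample rows and the function names are assumptions chosen for the example.

```python
"""Offline EPSS bundle lookup and risk-band mapping (illustrative; not StellaOps code)."""
import csv
from typing import Dict, Optional, Sequence, Tuple

# Assumed default thresholds: (band, inclusive lower bound), checked highest first.
# The page says thresholds are configurable; these numbers are constructed for the example.
DEFAULT_THRESHOLDS: Sequence[Tuple[str, float]] = (
    ("Critical", 0.70), ("High", 0.40), ("Medium", 0.10), ("Low", 0.0),
)

# Constructed sample bundle in the layout FIRST.org uses for epss_scores-*.csv:
# one '#' metadata line, then a header row. CVE ids and scores are made up.
SAMPLE_BUNDLE = """#model_version:v2023.03.01,score_date:2024-01-01T00:00:00+0000
cve,epss,percentile
CVE-2024-10001,0.95000,0.99900
CVE-2024-10002,0.01000,0.30000
CVE-2024-10003,0.23100,0.95000
"""

def load_bundle(text: str) -> Dict[str, float]:
    """Parse an EPSS CSV bundle into {CVE: probability}, skipping '#' metadata lines."""
    rows = [line for line in text.splitlines() if line and not line.startswith("#")]
    scores: Dict[str, float] = {}
    for row in csv.DictReader(rows):
        p = float(row["epss"])
        if not 0.0 <= p <= 1.0:  # reject a corrupt or tampered bundle early
            raise ValueError(f"EPSS out of range for {row['cve']}: {p}")
        scores[row["cve"].strip().upper()] = p
    return scores

def validate_thresholds(thresholds: Sequence[Tuple[str, float]]) -> None:
    """Bounds must be strictly descending and the final band must start at 0.0."""
    bounds = [b for _, b in thresholds]
    if bounds != sorted(set(bounds), reverse=True) or bounds[-1] != 0.0:
        raise ValueError("thresholds must be strictly descending and end at 0.0")

def map_band(probability: float, thresholds=DEFAULT_THRESHOLDS) -> str:
    """Return the first band whose lower bound the probability meets."""
    validate_thresholds(thresholds)
    if not 0.0 <= probability <= 1.0:
        raise ValueError("EPSS probability must be in [0, 1]")
    for name, lower in thresholds:
        if probability >= lower:
            return name
    return thresholds[-1][0]  # not reached: the last bound is 0.0

def band_for_cve(cve: str, scores: Dict[str, float], thresholds=DEFAULT_THRESHOLDS) -> Optional[str]:
    """Band for a CVE, or None when the bundle has no score (caller decides the fallback)."""
    p = scores.get(cve.strip().upper())
    return None if p is None else map_band(p, thresholds)
```

Returning None for an unscored CVE keeps "no EPSS data" distinct from "Low", so a downstream policy can treat the gap explicitly instead of silently down-ranking the finding.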