stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity
Files
f4eb64fefcd7d2353b42aed44cb732780e861ea4
git.stella-ops.org/docs/features/checked/policy/epss-raw-feed-layer.md
master 9ca2de05df more features checks. setup improvements
2026-02-13 02:04:55 +02:00

2.3 KiB
Raw Blame History

EPSS Raw Feed Layer (Immutable Storage)

Module

Policy

Status

IMPLEMENTED

Description

EPSS feed ingestion with CSV parsing, repository storage, and enrichment jobs. Database migrations exist for EPSS risk scores storage.

Implementation Details

  • UnknownRanker Integration: src/Policy/__Libraries/StellaOps.Policy.Unknowns/Services/UnknownRanker.cs -- uses EPSS scores in exploit pressure calculation
    • EPSS >= 0.90: +0.30 exploit pressure factor
    • EPSS >= 0.50: +0.15 exploit pressure factor
    • UnknownRankInput.EpssScore (decimal 0.0-1.0) feeds into scoring
  • Risk Scoring Integration: src/Policy/StellaOps.Policy.Engine/Scoring/ -- EPSS scores used in risk profile scoring
    • ProfileAwareScoringService.cs -- includes EPSS in profile-aware scoring
    • RiskScoringModels.cs -- risk scoring models with EPSS data
    • RiskScoringTriggerService.cs -- triggers re-scoring when EPSS data updates
  • RiskSimulationService: src/Policy/StellaOps.Policy.Engine/Simulation/RiskSimulationService.cs -- EPSS used as a signal in risk simulations
    • Categorical signal mapping: EPSS score mapped to signal weight contributions
  • Policy Gate Integration: src/Policy/StellaOps.Policy.Engine/Gates/PolicyGateEvaluator.cs -- EPSS thresholds used in gate evaluation
  • Staleness Endpoints: src/Policy/StellaOps.Policy.Engine/Endpoints/StalenessEndpoints.cs -- feed staleness monitoring
  • Risk Profile Endpoints: src/Policy/StellaOps.Policy.Engine/Endpoints/RiskProfileEndpoints.cs -- profiles include EPSS configuration
  • Evidence Weighted Score: src/Policy/StellaOps.Policy.Engine/Scoring/EvidenceWeightedScore/ -- EPSS contributes to evidence-weighted scoring

E2E Test Plan

  • Verify EPSS score (0.95) contributes +0.30 exploit pressure factor in unknown ranking
  • Verify EPSS score (0.50) contributes +0.15 exploit pressure factor
  • Verify EPSS score (0.10) contributes 0 exploit pressure factor (below threshold)
  • Verify risk simulation includes EPSS as a signal with weight contribution
  • Verify risk scoring trigger fires when EPSS data updates
  • Check staleness endpoint for EPSS feed; verify freshness status is reported
  • Verify evidence-weighted score includes EPSS contribution
  • Verify policy gate evaluates EPSS threshold per configuration