Feature

Threat Intelligence

KEV + EPSS + CVE-aware scoring

Available inproenterprise

SICenter ingests CISA's Known Exploited Vulnerabilities catalog, FIRST's EPSS daily scores, and NVD CVE data to augment every finding with real-world exploitability context. A finding on a KEV-listed CVE is treated as urgent regardless of base CVSS, because the catalog is proof that active exploitation exists.

Key capabilities

  • CISA KEV catalog synchronized daily — findings on KEV entries are flagged immediately
  • EPSS scores updated daily from FIRST's public API to reflect shifting exploitability probability
  • NVD CVE data provides base CVSS vector, affected software versions, and reference links
  • Composite risk score recomputed whenever any intelligence feed updates a relevant CVE
  • Intelligence context visible inline on every finding card — no separate threat-intel console required
  • Historical score trend shows how a finding's risk profile has evolved over time

How it works

01

Three scheduled jobs run daily: KEV sync, EPSS sync, and NVD delta sync. KEV sync fetches the full catalog and upserts membership status for each CVE ID. EPSS sync pulls the daily scores CSV and upserts probability scores. NVD sync fetches recent changes using the NVD 2.0 API and updates base metrics for any CVE that has been modified since the last run.

02

After each sync, a scoring fanout job identifies all open findings whose CVE IDs were touched by the sync and re-enqueues them for score recomputation. Recomputation is idempotent and runs in the background; findings remain readable during recomputation. The new score is written atomically so consumers never see a partial state.

03

The composite score formula is: `base_score * epss_multiplier * kev_bonus * criticality_multiplier`. EPSS probabilities above 0.3 apply a 1.5x multiplier. KEV membership applies a 2.0x bonus. Criticality multipliers are 1.0, 1.5, and 2.0 for standard, high, and critical assets respectively. The ceiling is capped so no finding can exceed a defined maximum to prevent runaway scores from dominating the queue.

Related capabilities

Asset Discovery

Continuous external attack-surface mapping

Learn more

Vulnerability Management

Find, score, and close exposures

Learn more

Validation

Confirm exploits without setting off alarms

Learn more
Get started

Ready? See the scoring model.

No credit card required. Start free, upgrade when you need more.

Start freeSee pricing