How does Kondukto calculate the risk rating?

When the CISA KEV + EPSS integration is enabled, Kondukto can automatically adjust the severity of vulnerabilities based on a risk rating computed from the EPSS probability and the EPSS percentile. This behaviour is configured when the CISA KEV + EPSS integration is first activated.

EPSS probability and percentile are updated daily based on the latest EPSS model available.

When computing the risk rating, the EPSS percentile takes precedence over the EPSS probability: if the EPSS percentile is above the 70th, Kondukto assigns the risk rating directly from the percentile without consulting the EPSS probability.

| EPSS Percentile | Risk Rating | Vulnerability Severity |
| --- | --- | --- |
| < 70th | Calculated based on EPSS probability | Depends on EPSS probability |
| between 70th and 90th | 3 | High |

If the EPSS percentile is below the 70th, the following probability-based logic is applied.

| EPSS Probability | Risk Rating | Vulnerability Severity |
| --- | --- | --- |
| between 0% and 10% | 0 | Low |
| between 10% and 30% | 1 | Low |
| between 30% and 70% | 2 | Medium |
| between 70% and 90% | 3 | High |
| between 90% and 100% | 4 | Critical |
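The two-stage rule above (percentile first, probability only below the 70th percentile) written out as an added example. This is not Kondukto's own code; it re-implements the logic stated on this page so the rating can be reproduced or checked against what the integration assigns. Assumptions, marked in the comments as well: EPSS values arrive as fractions in [0, 1] as the EPSS feed publishes them; each "between X and Y" band includes its lower bound and excludes its upper bound; "above the 70th" is read as 70th or higher; the page's percentile table stops at the 90th, so the function refuses to rate anything above it rather than guess. The finding records and CVE identifiers are constructed sample data.

```python
"""EPSS-based risk rating as described on this page (added example, not Kondukto's code)."""

# Risk rating -> severity, taken from the two tables on the page.
RATING_TO_SEVERITY = {0: "Low", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# (lower bound inclusive, upper bound exclusive, rating).  The page says
# "between X% and Y%"; treating the lower bound as inclusive is an assumption.
# Values are fractions, as the EPSS feed publishes them (0.10 == 10%).
PROBABILITY_BANDS = [
    (0.00, 0.10, 0),
    (0.10, 0.30, 1),
    (0.30, 0.70, 2),
    (0.70, 0.90, 3),
    (0.90, 1.00, 4),
]


def rating_from_probability(probability):
    """Second stage: rating from EPSS probability alone (percentile below 70th)."""
    if not 0.0 <= probability <= 1.0:
        raise ValueError(f"EPSS probability out of range: {probability}")
    for low, high, rating in PROBABILITY_BANDS:
        if low <= probability < high:
            return rating
    return 4  # probability == 1.0 exactly: the top band is closed at 100%


def risk_rating(probability, percentile):
    """First stage: the percentile supersedes the probability."""
    if not 0.0 <= percentile <= 1.0:
        raise ValueError(f"EPSS percentile out of range: {percentile}")
    if percentile >= 0.70:  # assumption: "above 70th" includes the 70th
        if percentile < 0.90:
            return 3  # page table: between 70th and 90th -> 3 / High
        # The page's table ends at the 90th percentile; what Kondukto assigns
        # above that is not stated here, so do not guess.
        raise ValueError("percentile above 90th: not specified on this page")
    return rating_from_probability(probability)


def adjust_severities(findings):
    """Recompute severity for each finding, keeping the scanner's value for comparison."""
    adjusted = []
    for finding in findings:
        rating = risk_rating(finding["epss"], finding["percentile"])
        adjusted.append({
            "cve": finding["cve"],
            "scanner_severity": finding["severity"],
            "risk_rating": rating,
            "severity": RATING_TO_SEVERITY[rating],
        })
    return adjusted


# Constructed sample findings (placeholder CVE ids, made-up EPSS values).
SAMPLE_FINDINGS = [
    {"cve": "CVE-0000-0001", "severity": "Medium", "epss": 0.02, "percentile": 0.40},  # probability path -> 0 Low
    {"cve": "CVE-0000-0002", "severity": "Low",    "epss": 0.25, "percentile": 0.65},  # probability path -> 1 Low
    {"cve": "CVE-0000-0003", "severity": "Low",    "epss": 0.05, "percentile": 0.75},  # percentile wins  -> 3 High
    {"cve": "CVE-0000-0004", "severity": "High",   "epss": 0.35, "percentile": 0.69},  # probability path -> 2 Medium
]

if __name__ == "__main__":
    for row in adjust_severities(SAMPLE_FINDINGS):
        print(f'{row["cve"]}: scanner={row["scanner_severity"]} '
              f'rating={row["risk_rating"]} severity={row["severity"]}')
```

The third sample finding is the case the page singles out: a low probability but a percentile of 75 is rated 3 / High, which raises the scanner's Low. Because the percentile and probability are refreshed daily, the same finding can change rating from one day to the next, so the comparison against the scanner's original severity is worth keeping in the output.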

How is the M-score in the Mandiant integration calculated?

Kondukto calculates the M-score based on the risk rating and exploitation state information provided by Mandiant.

The calculation is based on the matrix below:

| Exploitation State / Risk Rating | Low | Medium | High | Critical |
| --- | --- | --- | --- | --- |
| No known | 1,0 | 1,3 | 1,9 | 2,7 |