Loading

First EPSS
Version 1.4.0 (View all)
Subscription level
What's this?		 Basic
Developed by
What's this?		 Community
Ingestion method(s) API
Minimum Kibana version(s) 9.0.5
8.19.2

The First EPSS integration allows users to retrieve EPSS score from First EPSS API.

The Exploit Prediction Scoring System (EPSS) is a data-driven effort for estimating the likelihood (probability) that a software vulnerability (CVE) will be exploited in the wild.

Agentless integrations allow you to collect data without having to manage Elastic Agent in your cloud. They make manual agent deployment unnecessary, so you can focus on your data instead of the agent that collects it. For more information, refer to Agentless integrations and the Agentless integrations FAQ. Agentless deployments are only supported in Elastic Serverless and Elastic Cloud environments. This functionality is in beta and is subject to change. Beta features are not subject to the support SLA of official GA features.

The First EPSS integration collects one type of data stream: vulnerability

EPSS scores are retrieved via the First EPSS API (https://api.first.org/data/v1/epss).

This integration has been tested against the EPSS API v1.

You need Elasticsearch for storing and searching your data and Kibana for visualizing and managing it. You can use our hosted Elasticsearch Service on Elastic Cloud, which is recommended, or self-manage the Elastic Stack on your own hardware.

For step-by-step instructions on how to set up an integration, see the Getting started guide.

This is the vulnerability dataset.

Example 
{
    "@timestamp": "2025-07-08T11:04:54.375Z",
    "agent": {
        "ephemeral_id": "3e6f5925-a6e0-4f02-9f23-4d7dda2c5063",
        "id": "f1f7bf4a-7a17-46e2-9ee4-b93dd07a64de",
        "name": "elastic-agent-64607",
        "type": "filebeat",
        "version": "8.16.0"
    },
    "data_stream": {
        "dataset": "first_epss.vulnerability",
        "namespace": "63395",
        "type": "logs"
    },
    "ecs": {
        "version": "8.11.0"
    },
    "elastic_agent": {
        "id": "f1f7bf4a-7a17-46e2-9ee4-b93dd07a64de",
        "snapshot": false,
        "version": "8.16.0"
    },
    "event": {
        "agent_id_status": "verified",
        "category": [
            "vulnerability"
        ],
        "dataset": "first_epss.vulnerability",
        "ingested": "2025-07-08T11:04:54Z",
        "kind": "enrichment",
        "module": "first_epss",
        "type": [
            "info"
        ]
    },
    "first_epss": {
        "vulnerability": {
            "cve": "CVE-2025-7145",
            "date": "2025-07-07T00:00:00.000Z",
            "epss": 0.0027,
            "percentile": 0.50191
        }
    },
    "host": {
        "architecture": "x86_64",
        "containerized": true,
        "hostname": "elastic-agent-64607",
        "ip": [
            "192.168.249.2",
            "192.168.253.6"
        ],
        "mac": [
            "02-42-C0-A8-F9-02",
            "02-42-C0-A8-FD-06"
        ],
        "name": "elastic-agent-64607",
        "os": {
            "family": "",
            "kernel": "3.10.0-1160.92.1.el7.x86_64",
            "name": "Wolfi",
            "platform": "wolfi",
            "type": "linux",
            "version": "20230201"
        }
    },
    "input": {
        "type": "cel"
    },
    "vulnerability": {
        "id": "CVE-2025-7145",
        "reference": "https://api.first.org/data/v1/epss?pretty=true&cve=CVE-2025-7145"
    }
}
Exported fields
Field Description Type
@timestamp Event timestamp. date
data_stream.dataset Data stream dataset. constant_keyword
data_stream.namespace Data stream namespace. constant_keyword
data_stream.type Data stream type. constant_keyword
event.dataset Event dataset. constant_keyword
event.module Event module. constant_keyword
first_epss.vulnerability.cve CVE number. keyword
first_epss.vulnerability.date Exploit Prediction Scoring System score calculation date. date
first_epss.vulnerability.epss Exploit Prediction Scoring System score value. float
first_epss.vulnerability.percentile Exploit Prediction Scoring System percentile value. float
input.type Type of filebeat input. keyword

This integration includes one or more Kibana dashboards that visualizes the data collected by the integration. The screenshots below illustrate how the ingested data is displayed.

First EPSS Dashboard
Changelog
Version Details Minimum Kibana version
1.4.0 Enhancement (View pull request)
Use new release field for agentless deployment mode to establish as beta.		 9.0.5
8.19.2
1.3.0 Enhancement (View pull request)
Enable Agentless deployment.		 9.0.5
8.19.2
1.2.0 Enhancement (View pull request)
Enable request trace log removal.		 9.0.0
8.16.0
1.1.1 Bug fix (View pull request)
Downgrade the format_version to the minimum version that supports all the necessary features for the package.		 9.0.0
8.16.0
1.1.0 Enhancement (View pull request)
Use terminate processor instead of fail processor to handle agent errors.		 9.0.0
8.16.0
1.0.0 Enhancement (View pull request)
Publish First EPSS major version 1.0.0.		 9.0.0
8.14.0
0.4.0 Enhancement (View pull request)
Update Kibana constraint to support 9.0.0.		 9.0.0
8.14.0
0.3.2 Bug fix (View pull request)
Updated SSL description in package manifest.yml to be uniform and to include links to documentation.		 8.14.0
0.3.1 Bug fix (View pull request)
Update links to getting started docs		 8.14.0
0.3.0 Enhancement (View pull request)
Add First logo		 8.14.0
0.2.0 Enhancement (View pull request)
Add "preserve_original_event" tag to documents with event.kind set to "pipeline_error".		 8.14.0
0.1.0 Enhancement (View pull request)
Initial release of the package		 8.14.0