Exploit Prediction working?

[charbl]

Have published SBOM and see results. In the Exploit Prediction tab, we can see in the tab it shows a number and the list has data but on the graph itself, displays nothing. Are we missing something? Thoughts?

[syalioune]

Hello @charbl,

As you can see in the table, the EPSS related data are missing. The number in the tab is actually derived from the overall finding list not the list of finding with non null EPSS score.
It works correctly on my end.

You problem could be that the EPSS data is not populated yet in your database. Some questions to narrow down your issue :

• Is it a fresh install ?
• Is NVD mirroring enabled (see in Admin > Vulnerability Sources) ? EPSS data mirroring is closely tied to NVD mirroring and would not happen if NVD is disabled
• Is EPSS mirroring enabled ? (check API call /api/v1/configProperty/ and vuln-source.epss.enabled property)
• Can you see in the logs lines like Starting EPSS mirroring task or EPSS mirroring complete

[charbl]

We are running it in Docker. NVD and EPSS are enabled.
In logs I see this :

[NistMirrorTask] Initiating download of https://nvd.nist.gov/vuln/data-feeds/json/cve/1.1/nvdcve-1.1-2004.meta
2023-04-12 18:55:27,874 WARN [NistMirrorTask] Unable to download - HTTP Response 404:
2023-04-12 18:55:27,874 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/vuln/data-feeds/json/cve/1.1/nvdcve-1.1-2003.json.gz
2023-04-12 18:55:28,153 WARN [NistMirrorTask] Unable to download - HTTP Response 404:
2023-04-12 18:55:28,153 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/vuln/data-feeds/json/cve/1.1/nvdcve-1.1-2003.meta
2023-04-12 18:55:28,462 WARN [NistMirrorTask] Unable to download - HTTP Response 404:
2023-04-12 18:55:28,463 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/vuln/data-feeds/json/cve/1.1/nvdcve-1.1-2002.json.gz
2023-04-12 18:55:28,754 WARN [NistMirrorTask] Unable to download - HTTP Response 404:
2023-04-12 18:55:28,754 INFO [NistMirrorTask] Initiating download of https://nvd.nist.gov/vuln/data-feeds/json/cve/1.1/nvdcve-1.1-2002.meta
2023-04-12 18:55:29,044 WARN [NistMirrorTask] Unable to download - HTTP Response 404:
2023-04-12 18:55:29,044 INFO [NistMirrorTask] NIST mirroring complete
2023-04-12 18:55:29,044 INFO [NistMirrorTask] Time spent (d/l): 13268ms
2023-04-12 18:55:29,045 INFO [NistMirrorTask] Time spent (parse): 0ms
2023-04-12 18:55:29,045 INFO [NistMirrorTask] Time spent (total): 13291ms
2023-04-12 18:55:29,056 INFO [EpssMirrorTask] Starting EPSS mirroring task
2023-04-12 18:55:29,056 INFO [EpssMirrorTask] Initiating download of https://epss.cyentia.com/epss_scores-current.csv.gz
2023-04-12 18:55:29,130 ERROR [EpssMirrorTask] Download failed : Connection reset
2023-04-12 18:55:29,130 INFO [EpssMirrorTask] EPSS mirroring complete
2023-04-12 18:55:29,131 INFO [EpssMirrorTask] Time spent (d/l): 0ms
2023-04-12 18:55:29,131 INFO [EpssMirrorTask] Time spent (parse): 0ms
2023-04-12 18:55:29,131 INFO [EpssMirrorTask] Time spent (total): 74ms

[syalioune]

There's obvisouly a connection issue denying external resources download
2023-04-12 18:55:29,130 ERROR [EpssMirrorTask] Download failed : Connection reset
Maybe a DNS or proxy issue ?

Also the derived URL for NVD feeds are incorrect : https://nvd.nist.gov/vuln/data-feeds/json/cve/1.1/nvdcve-1.1-2003.json.gz instead of https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2003.json.gz. Base URL should be modified in the admin UI.