All features Threat intel

Rank by real-world risk, not just CVSS

Every finding is enriched with CISA KEV listing status and EPSS exploit probability, so your techs fix what attackers are actually using first.

Get started Run a free scan
1,600+KEV CVEs
EPSSon every CVE
Dailysync
kev-epss-intelligence 1,600+
CISACISA KEVPASS
EPSSEPSS scoringCHECK
RISKRisk-ranked queueFAIL
DAILDaily feed syncPASS
What it does

Key capabilities

CISA KEV

Flag findings tied to known-exploited vulnerabilities.

EPSS scoring

Exploit-probability percentage on every CVE.

Risk-ranked queue

Prioritized worklist across all clients.

Daily feed sync

1,600+ KEV CVEs kept current.

The override rule

How KEV / EPSS changes what your techs do

CVSS tells you how severe a flaw is in theory. KEV and EPSS tell you whether it’s being exploited right now — and SBCMSP lets real-world exploitation override the paper score. The worklist reorders itself around what actually gets clients breached.

On the CISA KEV list

→ CRITICAL

The moment a matched CVE appears in CISA’s Known Exploited Vulnerabilities catalog, the finding is forced to critical — regardless of its CVSS score. Confirmed active exploitation always jumps to the front of the queue.

EPSS at 50% or higher

→ HIGH

When a CVE’s EPSS exploit-probability crosses 50%, the finding is escalated to at least high — even if its base CVSS would have parked it lower. Techs fix what’s most likely to be hit next, not just what’s theoretically bad.

The same KEV / EPSS signal feeds score-severity weighting and the ranking of attack-path entry points — so a client’s security score and their most exploitable paths both reflect real-world exploitation, not just paper severity.

Where it shows up

One enrichment layer, everywhere CVEs surface

KEV listing status and EPSS probability ride on every CVE the platform finds — including the ones matched against the software actually installed on your clients’ machines.

External scan findings

Internet-facing vulnerabilities from every scheduled external scan, ranked the moment they map to a CVE.

Deep Scan (EASM) CVEs

Version-detected vulnerabilities from active EASM Deep Scans, sorted by whether they’re being exploited in the wild.

Agent software inventory

The apps actually installed on client machines — matched against live CVE data, so an outdated app on one endpoint surfaces before it’s ever exposed to the internet. This is the differentiator: risk ranked on what’s running, not just what’s reachable.

Public-IP findings

Exposed services on client public IPs, carrying the same KEV and EPSS signal as everything else in the queue.

Remediation deadline built in

KEV findings carry CISA’s fix-by date

Every entry in CISA’s Known Exploited Vulnerabilities catalog ships with a federal remediation deadline. SBCMSP stores that due date on the finding, so a KEV-listed vulnerability arrives with a fix-by date already attached — not just a severity label. Your techs and your client reports both see the clock CISA is running.

Part of one platform

One finding, one fix, one report

KEV / EPSS Intelligence is one piece of SBCMSP’s unified loop — every finding is prioritized by real-world risk, paired with AI remediation guidance, mapped to your frameworks and re-verified on the next scan.

  • KEV / EPSS-ranked severity
  • AI remediation guidance
  • Mapped to 10 frameworks
  • White-label client reporting
See the full platform
82
+27 pts
projected after top fixes

Run your first scan free

See a client’s real posture in minutes — then unlock all 1,658 checks.