
JupiterOne Vulnerability Score

Overview

JupiterOne calculates a comprehensive vulnerability score for each UnifiedVulnerability entity in your environment. This proprietary scoring system provides a more accurate risk assessment than traditional CVSS scores alone by incorporating multiple risk factors and real-world context from your specific environment.

The key advantage of JupiterOne's vulnerability score is that it includes a weighting based on the actual number of instances of the vulnerability that are attached to real assets in your entity graph. This contextual awareness makes the score significantly more relevant to your organization's actual risk posture.

Score Calculation

The JupiterOne Vulnerability Score ranges from 0 (lowest risk) to 1.0 (highest risk), or 0% to 100% when expressed as a percentage. The score is derived from three weighted components:

Component Weights

| Component | Weight | Description |
|---|---|---|
| CVSS Base Score | 30% | Industry-standard vulnerability severity with non-linear scaling |
| EPSS Percentile | 40% | Exploit Prediction Scoring System - probability of exploitation |
| Occurrence Count | 30% | Proportion of your Device and Host entities affected |

Detailed Component Calculations

1. CVSS Base Score (30% weight)

The CVSS Base Score component uses a non-linear function to de-emphasize mid and low CVSS scores. This ensures that critical and high-severity vulnerabilities are appropriately weighted while reducing noise from lower-severity issues.

  • Calculation: 0.3 * (cvssBaseScore / 10)^2
  • Non-linear scaling: The squared function gives more weight to higher CVSS scores

2. EPSS Percentile (40% weight)

The Exploit Prediction Scoring System (EPSS) percentile is considered a stronger indicator for imminent risk as it predicts the likelihood of a vulnerability being exploited in the wild within the next 30 days.

  • Calculation: 0.4 * epssPercentile
  • Default value: If EPSS data is not available (common for zero-day vulnerabilities), a default value of 0.5 is used

3. Occurrence Count (30% weight)

This unique component considers how widespread the vulnerability is across your infrastructure, providing critical context about your organization's exposure.

  • Calculation: min(0.3, (vulnerabilityCount * 10.0) / totalDeviceCount)
  • Linear scaling: Weight increases linearly from 0% to 10% of assets affected
  • Maximum impact: Above 10% of assets affected, the full 30% weight is applied

Final Score Formula

JupiterOne Vulnerability Score = CVSS Weight + EPSS Weight + Occurrence Weight

Implementation Details

The vulnerability score is calculated as part of the VulnCheck enrichment process:

  1. Device Count Collection: At the start of enrichment, the total number of UnifiedDevice entities in your environment is counted
  2. Vulnerability Analysis: For each UnifiedVulnerability, the system counts incoming IS relationships from Vulnerability entities
  3. Score Calculation: The three components are calculated and combined using the weights described above
  4. Property Assignment: The final score is stored as the jupiteroneVulnScore property on the UnifiedVulnerability entity
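The four enrichment steps above, together with the three component formulas, can be followed end to end in code. The block below is an added reference implementation written for this page; it is not JupiterOne's own enrichment code, and the device inventory, the CVE-EXAMPLE-* identifiers, the Vulnerability findings and the IS relationship counts are all constructed sample data. The component functions implement the formulas exactly as printed: note that with the factor of 10.0 in the occurrence term, the 0.3 cap is reached once 3% of devices are affected (15 of 500), which is earlier than the 10% stated in the prose. The risk-level bands are taken from the Score Interpretation table further down the page, with each band's lower bound treated as inclusive (an assumption, since the table's ranges share endpoints).

```python
"""Reference implementation (added example, not JupiterOne's code) of the
JupiterOne Vulnerability Score described on this page, run over a small
constructed entity graph."""
from collections import Counter
from typing import Optional

# Weights and the EPSS default, as stated on the page.
CVSS_WEIGHT = 0.3
EPSS_WEIGHT = 0.4
OCCURRENCE_WEIGHT = 0.3
EPSS_DEFAULT = 0.5


def cvss_component(cvss_base_score: float) -> float:
    """0.3 * (cvssBaseScore / 10)^2: squaring de-emphasises mid and low scores."""
    if not 0.0 <= cvss_base_score <= 10.0:
        raise ValueError("CVSS base score must be between 0 and 10")
    return CVSS_WEIGHT * (cvss_base_score / 10.0) ** 2


def epss_component(epss_percentile: Optional[float]) -> float:
    """0.4 * epssPercentile, falling back to the 0.5 default when EPSS data is missing."""
    if epss_percentile is None:
        epss_percentile = EPSS_DEFAULT
    if not 0.0 <= epss_percentile <= 1.0:
        raise ValueError("EPSS percentile must be between 0 and 1")
    return EPSS_WEIGHT * epss_percentile


def occurrence_component(vulnerability_count: int, total_device_count: int) -> float:
    """min(0.3, vulnerabilityCount * 10.0 / totalDeviceCount), as printed on the page.
    With the factor 10.0 the cap is hit once 3% of devices are affected."""
    if total_device_count < 1:
        raise ValueError("at least one UnifiedDevice entity is required")
    return min(OCCURRENCE_WEIGHT, (vulnerability_count * 10.0) / total_device_count)


def jupiterone_vuln_score(cvss_base_score: float, epss_percentile: Optional[float],
                          vulnerability_count: int, total_device_count: int) -> float:
    """Final score = CVSS weight + EPSS weight + Occurrence weight (0.0 .. 1.0)."""
    return (cvss_component(cvss_base_score)
            + epss_component(epss_percentile)
            + occurrence_component(vulnerability_count, total_device_count))


def risk_level(score: float) -> str:
    """Bands from the Score Interpretation table (lower bound inclusive; assumption)."""
    if score >= 0.8:
        return "Critical"
    if score >= 0.6:
        return "High"
    if score >= 0.4:
        return "Medium"
    if score >= 0.2:
        return "Low"
    return "Minimal"


# --- Constructed sample graph (not real data) --------------------------------
DEVICES = {f"device-{i}" for i in range(1, 501)}  # 500 UnifiedDevice entities

# UnifiedVulnerability entities keyed by placeholder CVE ids.
UNIFIED_VULNS = {
    "CVE-EXAMPLE-0001": {"cvssBaseScore": 9.8, "epssPercentile": 0.97},
    "CVE-EXAMPLE-0002": {"cvssBaseScore": 5.3, "epssPercentile": None},  # no EPSS data
    "CVE-EXAMPLE-0003": {"cvssBaseScore": 7.5, "epssPercentile": 0.12},
}


def make_findings(cve_id: str, n: int, first_device: int):
    """n Vulnerability findings for cve_id, each one an incoming IS relationship
    into the UnifiedVulnerability, on n distinct devices."""
    return [(f"{cve_id}-finding-{i}", cve_id, f"device-{first_device + i}")
            for i in range(n)]


FINDINGS = (make_findings("CVE-EXAMPLE-0001", 20, 1)     # 4% of devices -> capped at 0.3
            + make_findings("CVE-EXAMPLE-0002", 1, 100)  # 0.2% -> linear region
            + make_findings("CVE-EXAMPLE-0003", 5, 200))  # 1% -> linear region


def enrich(unified_vulns: dict, findings: list, devices: set) -> dict:
    """Mirror the enrichment steps: count devices, count IS relationships per
    UnifiedVulnerability, compute the score, assign jupiteroneVulnScore."""
    total_device_count = len(devices)                          # step 1
    is_counts = Counter(cve_id for _, cve_id, _ in findings)   # step 2
    enriched = {}
    for cve_id, props in unified_vulns.items():
        count = is_counts.get(cve_id, 0)
        score = jupiterone_vuln_score(props["cvssBaseScore"], props["epssPercentile"],
                                      count, total_device_count)  # step 3
        enriched[cve_id] = {**props, "affectedAssets": count,
                            "jupiteroneVulnScore": round(score, 5),  # step 4
                            "riskLevel": risk_level(score)}
    return enriched


def prioritized(enriched: dict) -> list:
    """CVE ids ordered by jupiteroneVulnScore DESC, like the example query below."""
    return sorted(enriched, key=lambda c: enriched[c]["jupiteroneVulnScore"], reverse=True)


if __name__ == "__main__":
    result = enrich(UNIFIED_VULNS, FINDINGS, DEVICES)
    for cve_id in prioritized(result):
        r = result[cve_id]
        print(f"{cve_id}: score={r['jupiteroneVulnScore']:.5f} ({r['riskLevel']}), "
              f"cvss={r['cvssBaseScore']}, epss={r['epssPercentile']}, assets={r['affectedAssets']}")
```

Running the block ranks CVE-EXAMPLE-0001 first at 0.97612 (CVSS 0.28812 + EPSS 0.388 + occurrence capped at 0.3), while the EPSS-less CVE-EXAMPLE-0002 picks up the 0.2 default EPSS contribution and lands at 0.30427; the two lower entries differ mainly in their occurrence term, which is where the environment-specific weighting shows up.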

Data Requirements

For a vulnerability score to be calculated, the following data must be available:

  • CVSS Base Score: Required from vulnerability data sources
  • EPSS Percentile: Preferred; defaults to 0.5 if unavailable
  • Entity Relationships: Valid IS relationships between Vulnerability and UnifiedVulnerability entities
  • Device Inventory: At least one UnifiedDevice entity in the environment

Using the Score

The JupiterOne Vulnerability Score can be used to:

  • Prioritize Remediation: Focus on vulnerabilities with the highest scores first
  • Risk Assessment: Get a more accurate picture of your organization's vulnerability risk
  • Trend Analysis: Track how vulnerability scores change over time as patches are applied or new vulnerabilities emerge
  • Compliance Reporting: Demonstrate risk-based vulnerability management practices

Example Query

To retrieve vulnerabilities with their JupiterOne scores:

FIND Vulnerability AS v
THAT IS UnifiedVulnerability WITH jupiteroneVulnScore != undefined AS uv
RETURN
uv.cveId AS vulnerabilityId,
uv.displayName AS vulnerability,
uv.cvssBaseScore AS cvss,
uv.epssPercentile AS epss,
uv.jupiteroneVulnScore AS score,
COUNT(v) AS affectedAssets
ORDER BY uv.jupiteroneVulnScore DESC
LIMIT 100

Score Interpretation

| Score Range | Risk Level | Recommended Action |
|---|---|---|
| 0.8 - 1.0 | Critical | Immediate remediation required |
| 0.6 - 0.8 | High | Prioritize for remediation within days |
| 0.4 - 0.6 | Medium | Schedule for remediation within weeks |
| 0.2 - 0.4 | Low | Include in regular patching cycles |
| 0.0 - 0.2 | Minimal | Monitor and patch as convenient |

Benefits Over Traditional Scoring

  1. Context-Aware: Considers the actual prevalence of vulnerabilities in your environment
  2. Exploitation Focus: Heavily weights EPSS to prioritize likely-to-be-exploited vulnerabilities
  3. Balanced Approach: Combines multiple data sources for a comprehensive risk view
  4. Dynamic: Automatically adjusts as your infrastructure changes
  5. Actionable: Provides clear prioritization for remediation efforts