The First EPSS action submits a data collection containing CVE IOCs to First EPSS and returns enriched IOCs and relevant attributes.

The action can perform the following function:

• First EPSS - Submits indicators to First EPSS API to be enriched with related threat intelligence.

The action is compatible with CVE indicator types.

The action returns enriched indicator and indicator attributes.

Note:  This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.