Pricing
from $14.00 / 1,000 result items
FIRST.org CSIRT Teams + EPSS Scraper
Extract the FIRST.org global directory of Computer Security Incident Response Teams (CSIRTs): team name, country, region, host organization, constituency, members, established date, and contact channels. Export to JSON, CSV, or Excel for cybersecurity research, threat intelligence.
Pricing
from $14.00 / 1,000 result items
Rating
0.0
(0)
Developer
Actor stats
0
Bookmarked
2
Total users
1
Monthly active users
a month ago
Last modified
Categories
Share
๐ FIRST.org CSIRT Teams + EPSS Scraper
๐ Export the global incident-response directory in seconds. Pull 854 CSIRT/SOC teams across 117 countries plus EPSS exploit-prediction scores for 334,000+ CVEs from the Forum of Incident Response and Security Teams.
๐ Last updated: 2026-05-23 ยท ๐ 26 fields per record ยท ๐ฐ๏ธ 854 CSIRT teams ยท ๐ 117 countries ยท ๐ 334k+ CVEs scored
The FIRST.org CSIRT Teams + EPSS Scraper exports the authoritative directory of computer security incident response teams (CSIRTs) maintained by FIRST.org, plus the EPSS (Exploit Prediction Scoring System) service that scores the likelihood of exploitation for every published CVE. It returns 26 fields per record, including team name, full name, membership type, team type, host organisation, country, contact channels, PGP keys, operating hours, and constituency description.
The directory covers 854 incident response teams across 117 countries, including national CERTs, sector-specific ISACs, vendor PSIRTs, financial-services CSIRTs, and academic teams. The EPSS mode returns daily-refreshed exploit-likelihood scores and percentiles for 334,000+ CVEs, the same model used by Fortune 500 security teams to prioritize patching.
| ๐ฏ Target Audience | ๐ก Primary Use Cases |
|---|---|
| Cybersecurity teams, threat intel analysts, incident responders, vulnerability managers, CISO offices, ISAC operators, security researchers | Incident coordination, CVE prioritization, threat-intel feeds, vendor PSIRT discovery, regional CERT outreach, vulnerability triage |
๐ What the FIRST.org Scraper does
Two collection modes plus filters:
- ๐ฐ๏ธ CSIRT teams directory. 854 incident response teams worldwide with contact channels, PGP keys, operating hours, and constituency.
- ๐ EPSS scores. Daily-updated exploit-prediction scores and percentiles for 334,000+ CVEs.
- ๐ Country filter. Restrict the teams directory to one ISO-2 country code from a 117-country enum.
- ๐ Team-name filter. Free-text substring filter on team name, full name, or host organisation (case-insensitive).
- ๐ CVE filter. In EPSS mode, optionally narrow to one CVE ID for targeted lookups.
Each team record includes contact email, website, phone (with separate emergency number), full street address, time zone, operating hours, constituency description, PGP key ID and fingerprint, establishment date, and FIRST.org membership tenure.
๐ก Why it matters: when an incident hits, knowing which CERT to contact in which country saves hours. When 1,000 new CVEs drop per week, EPSS tells you which ones attackers are actually exploiting. Both feeds are publicly available, but they live in different schemas at different endpoints. This Actor unifies them into one structured dataset.
๐ฌ Full Demo
๐ง Coming soon: a 3-minute walkthrough showing how to pull every European national CERT contact and load it into an incident-response runbook.
โ๏ธ Input
| Input | Type | Default | Behavior |
|---|---|---|---|
| maxItems | integer | 10 | Records to return. Free plan caps at 10, paid plan at 1,000,000. |
| mode | string | "teams" | "teams" for CSIRT directory, "epss" for CVE scores. |
| country | string | "" | ISO-2 country filter for teams mode (117 supported). Empty = all. |
| teamFilter | string | "" | Substring filter on team name, full name, or host (case-insensitive). |
| cve | string | "" | EPSS mode only. Optional CVE ID (e.g. CVE-2024-12345). |
Example: every German CSIRT team with contact details.
Example: EPSS scores for one specific CVE.
โ ๏ธ Good to Know: EPSS scores refresh daily. A score of 0.97 means the model estimates a 97% probability that this CVE will be exploited in the next 30 days. Percentile tells you where this CVE ranks against all scored CVEs. Combine both with CVSS for full risk context.
๐ Output
Each record contains 26 fields (team mode populates team fields, EPSS mode populates score fields; the other set is null). Download the dataset as CSV, Excel, JSON, or XML.
๐งพ Schema
| Field | Type | Example |
|---|---|---|
๐ id | string | null | "1234" |
๐ฐ๏ธ team | string | null | "CERT-Bund" |
๐ teamFull | string | null | "Computer Emergency Response Team for German federal agencies" |
๐๏ธ membership | string | null | "Full Member" |
๐ท๏ธ teamType | string | null | "National CSIRT" |
๐ข host | string | null | "BSI - Federal Office for Information Security" |
๐ country | string | null | "DE" |
๐ง email | string | null | "certbund@bsi.bund.de" |
๐ website | string | null | "https://www.bsi.bund.de/CERT-Bund/" |
๐ phone | string | null | "+49 228 99 9582 222" |
๐ phoneEmergency | string | null | "+49 228 99 9582 222" |
๐ฎ address | string | null | "Godesberger Allee 185-189, 53175 Bonn, Germany" |
๐ timezone | string | null | "Europe/Berlin" |
โฐ operatingHours | string | null | "24x7" |
๐ฅ constituency | string | null | "German federal agencies" |
๐ constituencyDescription | string | null | "All federal government agencies of Germany" |
๐ pgpId | string | null | "0x12345678" |
๐๏ธ pgpFingerprint | string | null | "ABCD 1234 EFGH..." |
๐ establishment | string | null | "1994-01-01" |
๐๏ธ memberSince | string | null | "2000-06-15" |
๐ lastModified | ISO 8601 | null | "2024-08-12T10:23:00" |
๐ cve | string | null | "CVE-2024-3094" |
๐ epssScore | number | null | 0.97214 |
๐ epssPercentile | number | null | 0.99987 |
๐
epssDate | string | null | "2026-05-22" |
๐ท๏ธ mode | string | "teams" |
๐ scrapedAt | ISO 8601 | "2026-05-23T00:00:00.000Z" |
๐ฆ Sample records
โจ Why choose this Actor
| Capability | |
|---|---|
| ๐ฐ๏ธ | 854 CSIRT teams. Every FIRST.org member team across 117 countries, with contact channels and PGP keys. |
| ๐ | EPSS for 334k+ CVEs. Daily-refreshed exploit-prediction scores and percentiles. |
| ๐ | Country filter. Restrict the directory to one of 117 ISO-2 codes. |
| ๐ | Free-text search. Substring filter on team name, full name, or host. |
| ๐ | Full team metadata. Type, membership, constituency, operating hours, time zone, PGP, establishment date. |
| โก | Fast. 100 teams in under 10 seconds. |
| ๐ซ | No authentication. Public FIRST.org API. No login or token required. |
๐ Incident response runs on phone numbers and email addresses. EPSS turns CVE noise into a triage queue. Both should be one structured pull away.
๐ How it compares to alternatives
| Approach | Cost | Coverage | Refresh | Filters | Setup |
|---|---|---|---|---|---|
| โญ FIRST.org CSIRT + EPSS Scraper (this Actor) | $5 free credit, then pay-per-use | 854 teams, 334k+ CVEs | Live per run | mode, country, team, CVE | โก 2 min |
| FIRST.org website manual lookup | Free | Same | Live | Browser-only | ๐ข One team at a time |
| Direct FIRST.org API code | Free | Same | Live | Custom code | ๐ Hours of code |
| Commercial threat-intel platforms | $500+/month | Broader | Live | Many | โณ Onboarding required |
Pick this Actor when you want the FIRST.org directory and EPSS as structured data, with country and team filters, without writing custom client code.
๐ How to use
- ๐ Sign up. Create a free account with $5 credit (takes 2 minutes).
- ๐ Open the Actor. Go to the FIRST.org CSIRT Teams + EPSS Scraper page on the Apify Store.
- ๐ฏ Set input. Pick
mode(teams or epss), optionally filter by country, team name, or CVE, and setmaxItems. - ๐ Run it. Click Start and let the Actor collect your data.
- ๐ฅ Download. Grab your results in the Dataset tab as CSV, Excel, JSON, or XML.
โฑ๏ธ Total time from signup to a downloaded dataset: 3-5 minutes. No coding required.
๐ผ Business use cases
๐จ Incident Response Teams
|
๐ Vulnerability Management
|
๐ก๏ธ Threat Intel & SOC
|
๐๏ธ Policy & Governance
|
๐ Automating FIRST.org Scraper
Control the scraper programmatically for scheduled runs and pipeline integrations:
- ๐ข Node.js. Install the
apify-clientNPM package. - ๐ Python. Use the
apify-clientPyPI package. - ๐ See the Apify API documentation for full details.
The Apify Schedules feature lets you trigger this Actor on any cron interval. Daily EPSS refreshes and weekly CSIRT directory refreshes are both common patterns.
๐ Beyond business use cases
Data like this powers more than commercial workflows. The same structured records support research, education, civic projects, and personal initiatives.
๐ Research and academia
|
๐จ Personal and creative
|
๐ค Non-profit and civic
|
๐งช Experimentation
|
๐ค Ask an AI assistant about this scraper
Open a ready-to-send prompt about this ParseForge actor in the AI of your choice:
- ๐ฌ ChatGPT
- ๐ง Claude
- ๐ Perplexity
- ๐ Copilot
โ Frequently Asked Questions
๐งฉ How does it work?
Pick a mode (teams or EPSS), optionally narrow by country, team name, or CVE, and click Start. The Actor pages through the FIRST.org catalog and emits a clean structured record per team or CVE.
๐ฐ๏ธ How many CSIRT teams are listed?
854 incident response teams across 117 countries at the time of writing. The directory grows as new teams join FIRST.org.
๐ What is EPSS?
EPSS (Exploit Prediction Scoring System) is FIRST.org's model that estimates the probability of a CVE being exploited in the next 30 days. It complements CVSS by adding real-world exploitation context. The Actor returns scores and percentiles for every published CVE.
๐ Can I filter by country?
Yes. Set country to a two-letter ISO code (e.g. DE, US, JP, BR). The dropdown lists all 117 supported codes. Leave empty for the worldwide directory.
๐ Can I search teams by name?
Yes. Set teamFilter to any substring of the team name, full name, or host organisation. The filter is case-insensitive.
โฐ Can I schedule regular runs?
Yes. Use Apify Schedules to run on any cron interval. Daily EPSS refreshes feed vulnerability-management dashboards. Weekly directory refreshes keep IR runbooks current.
โ๏ธ Is this data legal to use?
Yes. FIRST.org publishes the teams directory and EPSS scores for public use under terms that permit programmatic access.
๐ผ Can I use this commercially?
Yes. Incident-response platforms, vulnerability-management products, threat-intel services, and security consulting are all valid commercial use cases.
๐ณ Do I need a paid Apify plan?
No. The free Apify plan is enough for testing and small runs (10 records per run). A paid plan lifts the limit and gives you access to scheduling, higher concurrency, and larger datasets.
๐ What happens if a run fails partway?
Apify retries transient errors automatically. The Actor pages through results deterministically, so a re-run picks up cleanly with the same input.
๐ What if I need help?
Our support team is here to help. Contact us through the Apify platform or use the Tally form linked below.
๐ Integrate with any app
FIRST.org CSIRT Teams + EPSS Scraper connects to any cloud service via Apify integrations:
- Make - Automate multi-step workflows
- Zapier - Connect with 5,000+ apps
- Slack - Get run notifications in your channels
- Airbyte - Pipe security data into your warehouse
- GitHub - Trigger runs from repo commits
- Google Drive - Export datasets straight to Sheets
You can also use webhooks to fire downstream actions when a run finishes. Push fresh EPSS scores into your SIEM, or alert your team in Slack when a new high-risk CVE crosses a threshold.
๐ Recommended Actors
- ๐จ IETF Datatracker Drafts Scraper - Internet standards lifecycle
- ๐ W3C Standards Catalog Scraper - Open Web specifications
- ๐ arXiv Scraper - Open-access research papers
- ๐ OEC Economic Complexity Trade Scraper - International trade flows
- ๐ Nominatim OSM Scraper - Geocode addresses via OpenStreetMap
๐ก Pro Tip: browse the complete ParseForge collection for more reference-data scrapers.
๐ Need Help? Open our contact form to request a new scraper, propose a custom data project, or report an issue.
โ ๏ธ Disclaimer: this Actor is an independent tool and is not affiliated with, endorsed by, or sponsored by FIRST.org or any of its member teams. All trademarks mentioned are the property of their respective owners. Only publicly available FIRST.org directory and EPSS data is collected.
