CVSS scoring

Because severity terminology can vary between projects, Prisma Cloud normalizes severity ratings into a common schema. Prisma Cloud leverages the CVSS 3.0 scoring system.

Mappings

We only normalize vulnerability ratings for the purpose of creating rules. Console’s Monitoring section shows vendor terminology, not Prisma Cloud’s normalized scores (low, medium, high, critical).
The following table maps popular vendor terminology to Prisma Cloud normalized scores:
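
| Vendor terminology | Prisma Cloud score |
|--------------------|--------------------|
| Unimportant        | Low                |
| Unassigned         | Low                |
| Negligible         | Low                |
| Not yet assigned   | Low                |
| Low                | Low                |
| Medium             | Medium             |
| Moderate           | Medium             |
| High               | High               |
| Important          | High               |
| Critical           | Critical           |
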
In the absence of project-specific terminology, Prisma Cloud normalizes using the CVSS base scores defined by NIST. In addition to the numeric CVSS scores, NVD provides severity rankings of Low, Medium, High, and Critical. These qualitative rankings are simply mapped from the numeric CVSS scores:

| CVSS base score | Prisma Cloud severity |
|-----------------|-----------------------|
| 0.0 - 3.9       | Low                   |
| 4.0 - 6.9       | Medium                |
| 7.0 - 8.9       | High                  |
| 9.0 - 10.0      | Critical              |
