1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Compute Edition Administrator’s Guide
    5. Vulnerability management
    6. CVSS scoring
    End-of-Life (EoL)

    CVSS scoring

    Because severity terminology can vary between projects, Prisma Cloud normalizes severity ratings into a common schema.
    Prisma Cloud leverages the CVSS 3.0 scoring system. The CVSS framework captures the principal characteristics of a vulnerability and produces a numerical score that reflects the severity of the vulnerability. CVSS scores range from 0.0 to 10.0. The higher the number, the higher the degree of severity.

    Mappings

    We only normalize vulnerability ratings for the purpose of creating rules. Console’s Monitoring section shows vendor terminology, not Prisma Cloud’s normalized scores (low, medium, high, critical).
    The following table maps popular vendor terminology to Prisma Cloud normalized scores:
    Vendor terminology
    Prisma Cloud score
    Unimportant
    Low
    Unassigned
    Low
    Negligible
    Low
    Not yet assigned
    Low
    Low
    Low
    Medium
    Medium
    Moderate
    Medium
    High
    High
    Important
    High
    Critical
    Critical
    In the absence of project-specific terminology, Prisma Cloud normalizes using the CVSS base scores defined by NIST. In addition to the numeric CVSS scores, NVD provides severity rankings of Low, Medium, High, and Critical. These qualitative grades are simply derived from the numeric CVSS scores:
    CVSS base score
    Prisma Cloud severity
    0.0 - 3.9
    Low
    4.0 - 6.9
    Medium
    7.0 - 8.9
    High
    9.0 -10.0
    Critical

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo