CVSS scoring
Because severity terminology can vary between projects, Prisma Cloud normalizes severity ratings into a common schema.
Prisma Cloud leverages the CVSS 3.0 scoring system.
The CVSS framework captures the principal characteristics of a vulnerability and produces a numerical score that reflects the severity of the vulnerability.
CVSS scores range from 0.0 to 10.0.
The higher the number, the higher the degree of severity.
Mappings
We only normalize vulnerability ratings for the purpose of creating rules.
Console’s Monitoring section shows vendor terminology, not Prisma Cloud’s normalized scores (low, medium, high, critical).
The following table maps popular vendor terminology to Prisma Cloud normalized scores:
Vendor terminology | Prisma Cloud score |
---|---|
Unimportant | Low |
Unassigned | Low |
Negligible | Low |
Not yet assigned | Low |
Low | Low |
Medium | Medium |
Moderate | Medium |
High | High |
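The sketch below is an added example, not Prisma Cloud code: it applies the table rows above to a list of findings and evaluates a rule threshold against the normalized values. The function names, the finding ids and the `UNRATED_TERMS` grouping are assumptions of this example. Terms the table does not list are reported as unmapped rather than guessed.

```python
from typing import Optional

# Rows copied from the mapping table above, lower-cased for matching.
VENDOR_TO_NORMALIZED = {
    "unimportant": "low", "unassigned": "low", "negligible": "low",
    "not yet assigned": "low", "low": "low",
    "medium": "medium", "moderate": "medium", "high": "high",
}
# Assumption of this example: these two terms mean "vendor has not rated it yet".
UNRATED_TERMS = {"unassigned", "not yet assigned"}
# Normalized scale named on the page, weakest first.
ORDER = ["low", "medium", "high", "critical"]

def canonical(term: str) -> str:
    """Lower-case and collapse whitespace so 'Not  Yet Assigned' still matches."""
    return " ".join(term.lower().split())

def normalize(term: str) -> Optional[str]:
    """Return the normalized severity, or None for a term the table does not list."""
    return VENDOR_TO_NORMALIZED.get(canonical(term))

def evaluate(findings: list, threshold: str) -> dict:
    """Bucket finding ids against a rule that fires at `threshold` or above."""
    floor = ORDER.index(threshold)
    out = {"matched": [], "below": [], "below_unrated": [], "unmapped": []}
    for f in findings:
        level = normalize(f["vendor_severity"])
        if level is None:
            bucket = "unmapped"        # never guess a severity for an unknown term
        elif ORDER.index(level) >= floor:
            bucket = "matched"
        elif canonical(f["vendor_severity"]) in UNRATED_TERMS:
            bucket = "below_unrated"   # skipped only because no rating exists yet
        else:
            bucket = "below"
        out[bucket].append(f["id"])
    return out

# Constructed sample findings (ids and the term "Urgent" are made up).
SAMPLE = [
    {"id": "FINDING-1", "vendor_severity": "Moderate"},
    {"id": "FINDING-2", "vendor_severity": "Not yet assigned"},
    {"id": "FINDING-3", "vendor_severity": "HIGH"},
    {"id": "FINDING-4", "vendor_severity": "Negligible"},
    {"id": "FINDING-5", "vendor_severity": "Urgent"},
]

if __name__ == "__main__":
    print(evaluate(SAMPLE, "medium"))
```

With a medium threshold, the `below_unrated` bucket holds the findings that fall under the rule only because the vendor has not assigned a rating, which makes it the list to review separately.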