Because severity terminology can vary between projects, Prisma Cloud normalizes severity ratings into a common schema.
Prisma Cloud leverages the CVSS 3.0 scoring system.
The CVSS framework captures the principal characteristics of a vulnerability and produces a numerical score that reflects the severity of the vulnerability.
CVSS scores range from 0.0 to 10.0.
The higher the number, the higher the degree of severity.
We only normalize vulnerability ratings for the purpose of creating rules.
Console’s Monitoring section shows vendor terminology, not Prisma Cloud’s normalized scores (low, medium, high, critical).
The following table maps popular vendor terminology to Prisma Cloud normalized scores:
Prisma Cloud score
Not yet assigned
In the absence of project-specific terminology, Prisma Cloud normalizes using the CVSS base scores defined by NIST.
In addition to the numeric CVSS scores, NVD provides severity rankings of Low, Medium, High, and Critical.
These qualitative grades are simply derived from the numeric CVSS scores: