Why use "Severe" instead of "Important"?

Does anyone know why “Severe” is used instead of “Important” or “High” for vulnerability ratings in the dashboards? Can this be changed? Ideally, I’d like to match what microsoft uses, or maybe use “Important/High” to match microsoft and some linux distros use – just for consistency.

Hi geoS,

The description of how the severity is assigned can be found in the documentation here

That likely won’t help though as it’s based on the CVSS2 score…which is different to the CVSS3 score which doesn’t directly relate to the Rapid7 Risk or Microsoft’s scoring system either so you can’t really be consistent.

1 Like