Customize CVSS scores and CVSS severities in the platform to align your risk management approach with your organizational context and priorities.
In some situations, you might decide that a specific vulnerability poses a different level of risk to your environment than what is reflected in the original CVSS score or CVSS severity. In Cortex Cloud you can override the CVSS score or severity within the platform. Customizing CVSS scores and severities enables you to align your risk management approach with your unique context and priorities.
When a CVSS score or severity is recast, the change is applied platform-wide, updating both existing and new vulnerability findings. This ensures consistency in how vulnerabilities are assessed and managed across the organization. After the CVSS score or severity is updated, the system automatically updates all affected findings within about one hour.
You can view the original CVSS score and severity and new values on the vulnerability details page in Vulnerability Intelligence.
Navigate to → → .
Use the filters to find the vulnerability in the Vulnerability Intelligence table.
Click in the row for the vulnerability to open the vulnerability details panel.
Click the Options icon in the upper right corner and select Override Severity or CVSS.
Enter the new severity and score, and then click Save.