In AVR module, for few AVITs Risk rating and Risk score are not reflected based on Source severity
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-01-2024 11:53 PM
We have a connector integrated with ServiceNow AVR module. For few Application Vulnerable Items (AVITs) in sn_vul_app_vulnerable_item table the Risk rating and Risk score is not getting calculated based on Source severity and mapping as defined in sn_vul_severity_map table.
Likewise in the below snapshot we could see although the Source severity is High but Risk rating is being calculated as Medium. Usually the mapping is correct for most of the AVITs but for few of them we could see the issue where they are mapped incorrectly (like High is mapped to Medium or Medium is mapped to High or Critical is mapped to High).
I am unable to figure out the root cause of this issue, can anybody please guide me to troubleshoot this issue.
Thanks in advance.