Hello Community!
I am reaching out to get some assistance with establishing Vulnerability response calculator rule to calculate weighted average score from the severity of the identified credential host from Tenable to ServiceNow.
I want to use this formula where let's say-
Findings and host scanned totals to 115 Hosts, and
- Severity of Critical and high finding1 = 10
- Severity of Medium findings2 = 504
- Severity of Low findings3 = 3000
therefore finding per host ---
Critical and high Finding1 = 10/115 = 0.09 | Medium Finding2= 504/115 = 4.38 | Low Finding3 = 3000/115 = 26.09 and, therefore according to formula,
where weighted = (10/4/1) total of 15
Weighed Average = (0.09 * 10 + 4.38 * 4 + 26.09 *1 ) / 15 = 2.97
So, if finding per host is >= 2.5 than its considered Moderate Severity and if Weighted Average is >= 3.5 is considered as Vulnerability with Critical-1 Severity
Now, I wanted to understand how I can use this formula to implement in my Vulnerability Response Calculator!! Has anyone applied such cases in their Vulnerability Response Project or so with Tenable Integration?
