There is a column on the asset inventory page showing the count of vulnerabilities detected by Rapid7 for each asset. When a single asset is selected, the vulnerabilities table lists all the results related to that asset. The vulnerability count can be impacted by the type of vulnerability scan as well as the import settings selected.
The Vulnerabilities tab of the inventory lists all vulnerability results that have been imported from Rapid7. The table lists every result, and selecting a result will take you to the page for the impacted asset.
Severity and risk scores
Rapid7 assigns all vulnerabilities a severity rating (Moderate, Severe, or Critical) based on the vulnerability’s CVSSv2 score. runZero normalizes the severities shown the vulnerability inventory to be consistent across the runZero Console.
|runZero Severity||Rapid7 Severity||CVSS Range|
|Medium||Moderate||0.1 - 3.4|
|High||Severe||3.5 - 7.4|
|Critical||Critial||7.5 - 10.0|
runZero will also normalize risk scores assigned by Rapid7. A risk score of 0.0 will be shown as
none in the runZero Console, and all other risk scores will match the assigned severity level.