How runZero maps Rapid7 hosts to assets:
For Rapid7 hosts that can be matched to an existing runZero asset, asset-level attributes such as IP address, hostname, and MAC address will be updated, and Rapid7-specific attributes will be added.
For hosts that cannot be matched with an existing runZero asset, a new asset will be created in the site specified when the integration task is set up.
runZero is able to merge existing assets with Rapid7 data when the MAC address, hostname, or IP address overlaps. Rapid7 hosts can also be manually merged into runZero assets using the Merge button on the Asset Inventory page.
There is a column on the asset inventory page showing the count of vulnerabilities detected by Rapid7 for each asset. When a single asset is selected, the vulnerabilities table lists all the results related to that asset. The vulnerability count can be impacted by the type of vulnerability scan as well as the import settings selected.
The Vulnerabilities tab of the inventory lists all vulnerability results that have been imported from Rapid7. The table lists every result, and selecting a result will take you to the page for the impacted asset.
Severity and risk scores
Rapid7 assigns all vulnerabilities a severity rating (Moderate, Severe, or Critical) based on the vulnerability’s CVSSv2 score. runZero normalizes the severities shown the vulnerability inventory to be consistent across the runZero Console.
|runZero Severity||Rapid7 Severity||CVSS Range|
|Medium||Moderate||0.1 - 3.4|
|High||Severe||3.5 - 7.4|
|Critical||Critial||7.5 - 10.0|
runZero will also normalize risk scores assigned by Rapid7. A risk score of 0.0 will be shown as
none in the runZero Console, and all other risk scores will match the assigned severity level.