Severity Update: Overview

Summary: High-level overview of the severity update workflow.

The severity update workflow provides organizations with the ability to update a vulnerability’s severity based on their own environment’s needs. The RiskSense platform provides an option to change a vulnerability’s severity using the Severity Update (SU) workflow.

The Severity Update workflow is used to update the severity level of a finding due to an increased risk within the specific environment. This workflow operates like the other three workflows; however, this workflow may run concurrently with one of the other three workflows (remediation, risk acceptance, and false positive).

The severity update states are shown in the Severity column on the Network > Host Findings and Application > Application Findings pages. There are four states associated with severity updates, as described below.




Severity Update - No Severity Update Icon

No Severity Update

The severity update workflow is not active on this vulnerability.

Severity Update - Severity Update Requested Icon

Severity Update Requested

A user submitted a severity update on this vulnerability, and it is awaiting manager approval.

Severity Update - Severity Update Approved Icon

Severity Update Approved

The severity update workflow completed successfully, and the severity has been updated.

Severity Update - Severity Update Reworked Icon

Severity Update Reworked

A manager sent this severity update back to the user for rework.