Custom risk classification

Use custom risk scores in QRadar® Vulnerability Manager to classify vulnerabilities that pose the most risk to your organization. Custom risk classification allows you to override a vulnerability's risk with your own risk classification.

Based on your individual requirements, you might want to override a vulnerability's risk with your own risk classification. A vulnerability that is classified as a high CVSS score by QRadar Vulnerability Manager may not actually pose a serious risk for numerous mitigating factors. For example, if a CVSS 9.5 IPv6 vulnerability is published, and an enterprise does not have any IPV6 infrastructure, then the high CVSS score is not justified.