Severity Mapping

ClairCore will normalize a security databases's severity string to a set of defined values. Clients may use the NormalizedSeverity field on a claircore.Vulnerability to react to vulnerability severities without needing to know each security database's severity strings. All strings used in the mapping tables are identical to the strings found within the relevant security database.

ClairCore Severity Strings

The following are severity strings ClairCore will normalize others to. Clients can guarantee one of these strings will be associated with a claircore.Vulnerability.

Unknown
Negligible
Low
Medium
High
Critical
Defcon1

Alpine Mapping

Alpine SecDB database does not provide severity information. All vulnerability severities will be Unknown.

Alpine SeverityClair Severity
*Unknown

AWS Mapping

AWS UpdateInfo database provides severity information.

AWS SeverityClair Severity
lowLow
mediumMedium
importantHigh
criticalCritical

Debian Mapping

Debian Oval database does not provide severity information. All vulnerability severities will be Unknown.

Debian SeverityClair Severity
*Unknown

Oracle Mapping

Oracle Oval database provides severity information.

Oracle SeverityClair Severity
N/AUnknown
LOWLow
MODERATEMedium
IMPORTANTHigh
CRITICALCritical

RHEL Mapping

RHEL Oval database provides severity information.

RHEL SeverityClair Severity
NoneUnknown
LowLow
ModerateMedium
ImportantHigh
CriticalCritical

SUSE Mapping

SUSE Oval database provides severity information.

SUSE SeverityClair Severity
NoneUnknown
LowLow
ModerateMedium
ImportantHigh
CriticalCritical

Ubuntu Mapping

Ubuntu Oval database provides severity information.

Ubuntu SeverityClair Severity
UntriagedUnknown
NegligibleNegligible
LowLow
MediumMedium
HighHigh
CriticalCritical

Pyupio Mapping

The pyup.io database does not have a concept of "severity". All vulnerability severities will be Unknown.

Pyupio SeverityClair Severity
*Unknown