Hi,

I have vulnerability dataset. Each vulnerability comes with a score from the scanning tool. Scanning tool has its own calculation and assigns a severity based on that.

We on customer side, calculate Severity based on customer defined score ranges below:

9.0-10.0 > CRITICAL
7.0-8.9 > HIGH
4.0-6.9 > MEDIUM
0.1-3.9 > LOW
0.0 > NONE

Issue is that when data comes from source/scanning tool, it has its own severities which are not always lined up with the above ranges. Our Score ranges above is the main root guideline to use.

Example:
Often times, Severity from data does not match the Score that is passed by the tool as I mentioned above.

A Severity of MAJOR in data coming with a Score of 3.0.
A Severity of MINOR in data coming with a Score of 3.0.
A Severity of CRITICAL in data coming with a Score of 0.0.
A Severity of CRITICAL in data coming with a Score of 10.0 (This is correct and inline with our ranges above)

I need both of the options below:

Desired output 1 (based on score ranges):

SEVERITY_Data  Score_Data   Severity_Adjusted_Score   Severity_Adjusted_Code
MAJOR                             3.0                       Median of 0.1-3.9                               LOW

Desired output 2 (based on SEVERITY_Data e.g. value is MAJOR):

SEVERITY_Data   Score_Data   Severity_Adjusted_Score   Severity_Adjusted_Code
MAJOR                               3.0                      Median of 7.0-8.9                               HIGH

Likewise for the rest of the severities and score ranges. Thanks in advance!!!