Normalization Engine Overview

The Normalization Engine provides a centralized control layer for standardizing vulnerability severity and CVSS scores across all scanners, assessments, and integrations. It allows security teams to override scanner inconsistencies, reduce noise, and align vulnerability risk with internal security policies — ensuring consistent prioritization across the organization.

Normalization Engine Dashboard

From this dashboard, teams can:
  • View all normalization rules and their active/inactive status
  • Instantly enable or disable rules
  • Review applied actions (severity or CVSS changes)
  • Track rule creation and modification timestamps

Create Normalization Rule

Creating a normalization rule begins with defining rule metadata and conditions that determine when the rule should trigger.

Create Normalization Rule – Conditions

Rule Configuration Includes

  • Rule Name — Clear identifier for the rule
  • Description — Purpose and intent
  • Conditions — Matching logic based on vulnerability attributes
    • Field
    • Operator
    • Value

Multiple conditions can be combined to create precise and targeted normalization logic.

Rule Actions – Set Discrete Severity

The Set Discrete Severity action overrides the vulnerability’s severity with a fixed value whenever conditions are met.

Normalization Rule – Set Discrete Severity

Supported Severity Levels

  • Critical
  • High
  • Medium
  • Low
  • Info
  • None

This action is commonly used to:
  • Downgrade noisy or low-impact findings
  • Elevate critical vulnerability classes
  • Align severity with internal risk frameworks

Rule Actions – Transform CVSS Score

For advanced tuning, the Normalization Engine supports CVSS score transformation using mathematical operations.

Normalization Rule – Transform CVSS Score

CVSS Transformation Capabilities

  • Select a mathematical operation
  • Apply a value (e.g., +1.5, ×0.8, −2)
  • Automatically recalculate severity based on the updated CVSS score

This enables:
  • Context-aware risk scoring
  • Asset-sensitive prioritization
  • Fine-grained control without discarding CVSS fidelity
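
An added example, not Snapsec's code: a minimal Python model of the rule flow described above, covering conditions, Set Discrete Severity, and Transform CVSS Score with the severity recalculated from the new score. The operator and action names, AND-combined conditions, matching on scanner-reported values, clamping to 0.0-10.0, and the use of the CVSS v3.x rating scale are assumptions; the rules and finding are constructed.

```python
import operator

# Operator and action names are assumptions; the page does not list the product's own.
OPS = {"equals": operator.eq, "contains": lambda a, b: b in a,
       "gte": operator.ge, "lte": operator.le}
MATH = {"add": operator.add, "subtract": operator.sub, "multiply": operator.mul}

def severity_from_cvss(score):
    """Map a one-decimal score to the CVSS v3.x qualitative rating scale."""
    bands = ((0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High"))
    return next((label for top, label in bands if score <= top), "Critical")

def matches(rule, vuln):
    # Assumption: conditions are ANDed; a finding lacking the field never matches.
    return all(c["field"] in vuln and OPS[c["operator"]](vuln[c["field"]], c["value"])
               for c in rule["conditions"])

def apply_rules(rules, vuln):
    """Return (normalized copy of vuln, names of rules that fired), in rule order.
    Inactive rules are skipped; matching uses the scanner-reported values."""
    out, fired = dict(vuln), []
    for rule in rules:
        if not rule["active"] or not matches(rule, vuln):
            continue
        act = rule["action"]
        if act["type"] == "set_severity":
            out["severity"] = act["value"]
        elif act["type"] == "transform_cvss":
            raw = MATH[act["operation"]](out["cvss"], act["value"])
            out["cvss"] = round(min(10.0, max(0.0, raw)), 1)  # clamp to 0.0-10.0
            out["severity"] = severity_from_cvss(out["cvss"])  # recalculate
        fired.append(rule["name"])
    return out, fired

# Constructed sample rules and finding (not taken from the product).
RULES = [
    {"name": "internet-facing +1.5", "active": True,
     "conditions": [{"field": "asset_tag", "operator": "equals", "value": "internet-facing"},
                    {"field": "cvss", "operator": "gte", "value": 7.0}],
     "action": {"type": "transform_cvss", "operation": "add", "value": 1.5}},
    {"name": "header findings to Info", "active": False,
     "conditions": [{"field": "title", "operator": "contains", "value": "header"}],
     "action": {"type": "set_severity", "value": "Info"}},
]
FINDING = {"title": "SQL injection", "asset_tag": "internet-facing",
           "cvss": 9.1, "severity": "Critical"}
print(apply_rules(RULES, FINDING))
```

Without the clamp, adding 1.5 to a 9.1 finding would store 10.6, a value outside the CVSS range that downstream sorting and reporting would have to special-case.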

Execute Normalization

The Execute Normalization action applies all active normalization rules to existing vulnerability data across the platform. This is especially useful when:
  • New normalization rules are introduced
  • Severity logic is updated
  • Historical vulnerabilities need re-evaluation

Execute Normalization Confirmation

Once confirmed, the engine recalculates severity and CVSS scores automatically — without requiring rescans.

Why the Normalization Engine Matters

The Normalization Engine ensures vulnerability scoring reflects your organization’s real-world risk, not just scanner defaults. It helps teams:
  • Reduce alert fatigue
  • Maintain consistent severity standards
  • Align technical findings with business impact
  • Improve remediation prioritization

Explore Live Demo

Explore Vulnerability Management Live — No Signup Needed

See how Snapsec’s Normalization Engine recalculates severity, transforms CVSS scores, and aligns vulnerability risk scoring in real time — all without creating an account.