Manually Editing Risk

Learn how to manually determine the risk score of assets and vulnerability instances

Updated over a week ago

Why would you want to edit risks manually?

A scenario to consider

Vulcan’s risk algorithm intelligently incorporates different contextual attributes to produce a dynamic risk score for each vulnerability instance in your environment.
However, sometimes assets or vulnerabilities might occur under specific circumstances, requiring you to determine their risk score manually. A vulnerability that would otherwise pose a Critical risk could be manually brought down to a Low if the asset it affects has a compensating control, such as a firewall that would mitigate the vulnerability.

Editing risk manually

To manually edit a risk on a vulnerability instance:

  1. Navigate to the vulnerability in question.

  2. Click the Assets tab

  3. Select the affected assets you want to change the risk for

  4. Click Edit risk for X assets

  5. In the Edit Risk popup, enter the risk score you want to apply to the affected assets.

  6. Optionally, you may add a comment detailing why you made the change.

  7. Click Save

  8. You've manually edited risk!

Reverting manual edits

You may revert any manual edits you made at any point. When a vulnerability affects assets for which the risk score has been edited, the Revet X edits buttons appear.

Clicking the button reverts all the changes in the current view to their original, calculated risk.

See it in action


  • Changes might take a few minutes to be reflected system-wide.

  • Changing the risk score will affect SLAs. It might cause an SLA-Exceeding vulnerability to become compliant or vice-versa.

  • By default, all user roles can edit risk scores. If you want to restrict this functionality, see Role-Based Access Control.

Read Next:

Did this answer your question?