Understanding Risk Score Classifications in Nucleus:
The Nucleus Risk Score is a numeric value between 0 and 1000 that represents the relative risk of an asset or vulnerability. To help quickly interpret these scores, Nucleus uses color-coded severity categories:
Critical (Red): 900–1000
High (Orange): 650–899
Medium (Yellow): 310–649
Low (Green): 0–309
These thresholds allow you to easily distinguish assets or vulnerabilities that require urgent attention from those that represent lower-priority risks.
Where You’ll See Risk Scores:
Risk Scores are displayed throughout the platform, including:
Assets Page: Each asset is shown with its Risk Score and corresponding color classification.
Findings and Vulnerabilities Views: Instances of vulnerabilities include Risk Scores that roll up into the asset-level score.
Dashboards and Reports: Widgets and charts use the same color-coded scheme for consistency.
How Risk Scores Are Calculated:
Risk Scores are calculated using Nucleus’ prioritization engine, which considers a combination of:
Vulnerability severity (CVSS, scanner ratings)
Threat intelligence context (e.g., CISA KEV, exploit activity, EPSS)
Business context
Environmental factors
This calculation ensures scores are risk-based rather than purely severity-based, enabling more effective remediation prioritization.
For a deeper dive into how Nucleus prioritizes vulnerabilities and risk, see Weighting Risk.
Best Practices:
Use the color-coded views to quickly triage and focus on Critical (Red) and High (Orange) assets.
Apply automation rules to assign remediation SLAs or ticketing workflows based on these thresholds.
Monitor Medium and Low risk assets over time, as they can escalate if new threat intelligence emerges.
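
The following is an added example, not Nucleus code and not its API. It applies the thresholds above to two snapshots of asset scores: it classifies each score, assigns an SLA due date, and flags assets that moved to a higher band since the earlier snapshot. The SLA day counts, asset names and scores are constructed assumptions, and scores are assumed to be integers.

```python
# Added example: band thresholds are from the page; SLA days, asset names and
# scores are constructed assumptions, not Nucleus defaults or Nucleus API output.
from datetime import date, timedelta

# (lower bound, band, colour), ordered highest first, as listed on the page.
BANDS = [(900, "Critical", "Red"), (650, "High", "Orange"),
         (310, "Medium", "Yellow"), (0, "Low", "Green")]
ORDER = {"Low": 0, "Medium": 1, "High": 2, "Critical": 3}
SLA_DAYS = {"Critical": 7, "High": 30, "Medium": 90, "Low": 180}  # assumed policy


def classify(score):
    """Map a 0-1000 Risk Score to its band; reject anything outside the range."""
    if isinstance(score, bool) or not isinstance(score, int) or not 0 <= score <= 1000:
        raise ValueError(f"risk score must be an integer in 0..1000, got {score!r}")
    return next(band for floor, band, _ in BANDS if score >= floor)


def triage(previous, current, today):
    """Compare two score snapshots ({asset: score}) and build a work queue.

    Returns rows sorted by score (highest first), each with the band, an SLA
    due date, and whether the asset moved to a higher band since `previous`.
    """
    rows = []
    for asset, score in current.items():
        band = classify(score)
        old = previous.get(asset)  # None for assets not seen before
        escalated = old is not None and ORDER[band] > ORDER[classify(old)]
        rows.append({"asset": asset, "score": score, "band": band,
                     "due": today + timedelta(days=SLA_DAYS[band]),
                     "escalated": escalated})
    return sorted(rows, key=lambda r: r["score"], reverse=True)


# Constructed snapshots standing in for last week's and this week's export.
LAST_WEEK = {"web-01": 640, "db-02": 899, "hr-laptop-17": 120, "vpn-gw": 905}
THIS_WEEK = {"web-01": 655, "db-02": 900, "hr-laptop-17": 309, "vpn-gw": 910,
             "build-agent-3": 310}

if __name__ == "__main__":
    for row in triage(LAST_WEEK, THIS_WEEK, date(2025, 1, 6)):
        flag = "ESCALATED" if row["escalated"] else ""
        print(f'{row["asset"]:14} {row["score"]:4} {row["band"]:8} '
              f'due {row["due"]} {flag}')
```

A one-point change at a boundary (899 to 900, or 309 to 310) moves an asset into a different band, so band changes are worth alerting on separately from the raw score.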