Issues

Configure Issue Severity Overrides

This guide walks you through how to configure severity overrides for Issue Types in Method. Issue severity overrides allow you to customize how issues are prioritized based on your organization’s specific security posture and risk tolerance.

Important: Issue severity overrides only apply when issues are discovered or re-discovered. Changes to severity overrides do not automatically update the severity of existing open issues. The new severity will take effect the next time an issue of that type is found in your environment.

Method provides two levels of severity override control:

  • Global Overrides – Apply a severity override to an Issue Type across all environments
  • Environment-Level Overrides – Apply severity overrides to specific environments or groups of environments, providing fine-grained control

Environment-level overrides take precedence over global overrides, allowing you to maintain different severity standards for different parts of your infrastructure (for example, treating production issues with higher severity than development issues).

Search for Issue Types

The Issue Configuration interface allows you to quickly find and manage severity overrides for any Issue Type in your system. You can filter the list of Issue Types to find exactly what you’re looking for.

Select from the severity dropdown to filter Issue Types by severity (this will also include any overrides specified), or filter by Issue Type name using the search box

Use the severity dropdown to show only Issue Types with a particular severity level. This filter includes both default severities and any overrides you’ve configured. Alternatively, use the search box to find specific Issue Types by name.

Global Severity Overrides for Issue Types

Global overrides apply to all environments unless a specific environment-level override is configured. This is useful when you want to broadly adjust the severity of an Issue Type across your entire infrastructure.

Create or Update a Global Override

To create or update a global severity override for an Issue Type:

  1. Locate the Issue Type you want to override using the search and filter controls
  2. In the Default Severity section, select the severity you want to apply
Select a new severity level in the Default Severity section

After selecting your desired severity level, click the Save button to stage your changes.

Click Save to stage your severity override changes

A confirmation dialog will appear, prompting you to review the changes before they take effect. Click Continue to commit the override.

Click Continue to apply the override. Remember: this will only affect newly discovered issues of this type

Once confirmed, the global override is active. New instances of this Issue Type will be created with the overridden severity. Existing issues of this type will maintain their current severity until they are re-discovered.

Reset a Global Override

If you want to return an Issue Type to its default severity, you can reset the global override:

  1. Locate the Issue Type with the override you want to remove
  2. Click the Reset button next to the Default Severity section
Click Reset to remove the override and return to the default severity

After clicking Reset, save your changes by clicking the Save button.

Click Save to stage the reset

Confirm the reset in the dialog that appears. Click Continue to remove the override.

Click Continue to apply the reset. Future issues of this type will use the default severity

Environment-Level Severity Overrides for Issue Types

Environment-level overrides provide granular control over issue severity based on where issues are discovered. This is particularly valuable when you need different severity standards for production versus development, or when different teams manage different environments with varying risk tolerances.

Create or Update Environment Severity Overrides

Environment overrides can be configured individually for each environment, or applied in bulk to groups of environments:

  1. Locate the Issue Type you want to override
  2. Expand the environment-level overrides section for that Issue Type
  3. Use individual environment dropdowns to set specific severity levels, or use the top-level dropdown to apply the same severity to multiple environments at once
Update each Environment severity using the dropdown, or update an entire group of Environments using the top-level dropdown for bulk changes

The top-level dropdown is especially useful when you want to apply the same severity override across many environments quickly. Individual environment dropdowns allow for precise control when needed.

After configuring your environment-level overrides, click Save to stage your changes.

Click Save to stage your environment-level severity overrides

Review the changes in the confirmation dialog, then click Continue to apply the overrides.

Click Continue to apply the overrides. These will take effect for newly discovered issues in the specified environments

Once applied, issues of this type discovered in the specified environments will use the overridden severity rather than the global or default severity.

Reset Environment Severity Overrides

To remove environment-level overrides and return to using the global override (or default severity if no global override exists):

  1. Locate the Issue Type with environment overrides you want to remove
  2. Click the Reset button next to individual environment dropdowns, or use the top-level reset button to remove overrides from multiple environments at once
Click Reset for each Environment severity, or reset an entire group of Environments using the top-level reset button

The top-level reset button is helpful when you want to remove many environment-level overrides simultaneously, reverting them all to the global or default severity.

After resetting, save your changes by clicking the Save button.

Click Save to stage the reset of environment-level overrides

Confirm the reset in the dialog. Click Continue to remove the environment-level overrides.

Click Continue to apply the reset. Future issues in these environments will use the global or default severity

Once the reset is complete, those environments will no longer have specific overrides, and issues will be assigned severity based on the global override or the default severity defined for that Issue Type.