An update on question 2
2) We score the CVSS using the following
Critical : 9.0 - 10
High : 7.0 - 8.9
Medium : 4.0 - 6.9
Low : 3.9 or below
but NCM doesn't seem to have a critical section, it just considers everything above 7 as high, is there somewhere I can configure this as we have 7 days to fix a critical vulnerability but 30 days to fix a high one so I need to be able to separate them in reports and the resource?
It been officially opened as a feature request with Solarwinds Dev as it is currently not possible, I've created a thread here too.