When sorting a dashboard widget based on a specific risk vector that displays a list of user entities, the sort order does not match the entities' Risk Rating.
Release : 6.5.x
Component : Widgets
The risk rating (i.e. CRITICAL, HIGH, etc.) isn't a measure of a user entity with respect to a specific risk vector; it's an aggregate label applied to the entity. When a dashboard widget is based on a specific risk vector, the sort order is based on the weighted score of each user against that risk vector; however, the risk rating value displayed for each user is an aggregate value based on each user entity's risk score, which can span multiple risk vectors.
This means that, when focusing on a specific vector and sorting by the scores for that vector, an entity might have the highest score for that vector, but his or her aggregate risk rating could be lower than that of other entities included in the result set and displayed in the widget. For example, an entity might have the highest score for a FAILED AUTHENTICATION vector, which would cause that user to sort to the top when looking at that vector, but otherwise, the user's risk score is low risk and therefore has an aggregate label of LOW.
The product is working as designed.