This document covers:
- Where to find priority ranks in Vulnerability Management
- What data factors into the priority ranks of vulnerabilities
Viewing priority rank in Vulnerability Management
one.newrelic.com > All capabilities > Vulnerability Management > (select vulnerabilities tab)
The priority ranking is based on all known data about a vulnerability. The Reason to prioritize column is a summary and weighting of key CVSS (Common Vulnerability Scoring System), EPSS (Exploit Prediction Scoring System), IAST confirmed findings, and known active ransomware data.
Data influencing priority rank
Example of ranking logic
A vulnerability that's "high" severity with an EPSS of "exploit probable" might rank higher than a vulnerability with a "critical" severity with an EPSS level that's lower than an 85th percentile probability of exploitation.