Criteria for Important CVE (Priority Filter)#
You can pre-configure conditions for vulnerabilities that are considered high-risk. When a new vulnerability that meets these conditions is detected, it will be sorted into the "Important CVE" tab, allowing you to prioritize remediation. You can review the configured conditions using the "Check \"Important CVE\" conditions" button.
The following conditions are set by default. Adjust them to match the vulnerabilities your organization considers critical.

Permissions to Modify the Priority Filter
Only Group Admins can change the conditions for sorting vulnerabilities into the "Important CVE" tab.
You can change these settings from Group Settings > Advanced Settings > Important CVE Conditions.
Priority Filter Criteria#
You can set conditions based on "SSVC Priority," "Vulnerability Priority," or "Vulnerability Characteristics." Vulnerabilities that meet any of the following conditions will be sorted into "Important CVE."
flowchart TD
A["Detected Vulnerability"] --> B{"Meets SSVC Priority<br>criteria?"}
B -- Yes --> R["Important CVE"]
B -- No --> C{"Meets Vulnerability Priority<br>criteria?"}
C -- Yes --> R
C -- No --> D{"Meets Vulnerability<br>Characteristics criteria?<br>CVSS Score / Vector / Exploit Code / Advisory Information"}
D -- Yes --> E{"Meets exclusion criteria?<br>Low Reliability / Unknown Windows Patch"}
E -- Yes --> F["Other Unresolved CVE"]
E -- No --> R
D -- No --> F
| Criteria | Options | Effect |
|---|---|---|
| SSVC Priority | Not selected | Does not include SSVC Priority as a condition. |
| immediate | Vulnerabilities whose highest SSVC Priority is 'immediate' will be included. | |
| out of cycle | Vulnerabilities whose highest SSVC Priority is 'out of cycle' or higher will be included. | |
| Vulnerability Priority | Not selected | Does not include Vulnerability Priority as a condition. |
| high | Vulnerabilities with a Vulnerability Priority of 'high' will be included. | |
| medium | Vulnerabilities with a Vulnerability Priority of 'medium' or higher will be included. | |
| CVSS Score | CVSS v2, v3, v4 | Vulnerabilities whose highest published CVSS score meets or exceeds this value will be included. |
| Red Hat, Microsoft | Vulnerabilities where the CVSS score provided by Red Hat or Microsoft (the maximum of v2 / v3 / v4) is greater than or equal to this value will be included. | |
| CVSS v3 Vector | AV/AC/PR/UI/S/C/I/A | Vulnerabilities matching at least one of the specified CVSS v3 vector metrics, from any data source (e.g., NVD or OVAL), will be included. |
| Reliability of published Exploit Code | Not selected | Does not include the presence of exploit code as a condition. |
| High | Vulnerabilities with HIGH-reliability published exploit code (Metasploit-Framework, or verified, highly reliable exploit code) will be included. | |
| Low | Vulnerabilities with LOW-reliability or higher published exploit code (Metasploit-Framework, Exploit-DB, etc.) will be included. | |
| Severity of published security advisories | Not selected | Does not include the presence of security advisories as a condition. |
| High | Vulnerabilities with advisories from KEV sources (CISA KEV, VulnCheck KEV, ENISA KEV) will be included. | |
| Low | Vulnerabilities with advisories from KEV sources or JPCERT/CC-Alerts will be included. | |
| Vulnerabilities with unreliable detection | Do not include in the target | Excludes vulnerabilities that meet the following conditions from "Important CVE": ・Vulnerabilities detected without CPE version information. ・Vulnerabilities detected only by JVN, not by NVD. |
| Include in the target | Does not include detection reliability as a condition. | |
| Vulnerabilities without information on Windows patch availability | Do not include in the target | Excludes vulnerabilities that meet the following conditions from "Important CVE": ・Vulnerabilities detected in Windows (particularly Edge) for which the applicable KB patch or build number is unknown. |
| Include in the target | Does not include whether Windows patch availability is unknown as a condition. |