This document covers:
- Where to find priority ranks for application vulnerabilities in Security RX
- What data factors into the priority ranks of vulnerabilities
- How to use prioritization to remediate application security issues
Viewing priority rank in Security RX
To view the priority rank of vulnerabilities in your applications, go to one.newrelic.com > All capabilities > Security RX > Applications > All Vulnerabilities.
The priority ranking is based on all known data about a vulnerability. The Reason to prioritize column is a summary and weighting of key CVSS (Common Vulnerability Scoring System), EPSS (Exploit Prediction Scoring System) and known active ransomware data.
Data influencing priority rank
Example of ranking logic
A "high" severity vulnerability with an EPSS level of "exploit probable" might rank higher than a "critical" severity vulnerability whose EPSS level is below the 85th percentile probability of exploitation.
Using prioritization in your workflow
When remediating application vulnerabilities:
- Focus on high-priority vulnerabilities first: Start with vulnerabilities that have multiple risk factors (high CVSS + high EPSS + active ransomware)
- Consider your application context: A high-priority vulnerability in a public-facing application requires more urgent attention than the same vulnerability in an internal tool
- Track exposure windows: Monitor how long vulnerabilities remain unpatched in your applications
- Set up alerts: Configure notifications for new high-priority vulnerabilities in your critical applications
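The workflow above, sketched as a triage sort you could run over exported findings. This is an added example, not New Relic's ranking algorithm or code: the field names, severity weights, tie-break order and sample findings are assumptions, and the 85th percentile cutoff for "exploit probable" is read from the ranking example on this page.

```python
from dataclasses import dataclass
from datetime import date

# Assumed values for illustration; Security RX does not publish these weights.
SEVERITY_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1}
EPSS_PROBABLE_PERCENTILE = 85   # cutoff taken from the page's ranking example
TODAY = date(2024, 3, 1)        # constructed "now" so the output is reproducible

@dataclass
class Finding:
    cve: str                 # constructed placeholder id
    app: str
    severity: str            # CVSS severity label
    epss_percentile: float   # 0-100
    ransomware: bool         # known active ransomware use
    public_facing: bool      # application context
    first_seen: date         # start of the exposure window

def risk_factors(f):
    """Return the names of the risk factors present on a finding."""
    factors = []
    if f.severity in ("critical", "high"):
        factors.append("high CVSS")
    if f.epss_percentile >= EPSS_PROBABLE_PERCENTILE:
        factors.append("exploit probable")
    if f.ransomware:
        factors.append("active ransomware")
    return factors

def triage(findings, today=TODAY):
    """Most risk factors first, then public-facing, severity, longest exposure."""
    def key(f):
        exposure_days = (today - f.first_seen).days
        return (-len(risk_factors(f)), not f.public_facing,
                -SEVERITY_WEIGHT[f.severity], -exposure_days)
    return sorted(findings, key=key)

# Constructed sample findings (not real CVE ids or applications).
FINDINGS = [
    Finding("CVE-EXAMPLE-0001", "billing-api", "critical", 40.0, False, True, date(2024, 1, 10)),
    Finding("CVE-EXAMPLE-0002", "billing-api", "high", 97.0, False, True, date(2024, 2, 1)),
    Finding("CVE-EXAMPLE-0003", "intranet-wiki", "high", 97.0, False, False, date(2023, 11, 5)),
    Finding("CVE-EXAMPLE-0004", "storefront", "critical", 99.0, True, True, date(2024, 2, 20)),
]

if __name__ == "__main__":
    for f in triage(FINDINGS):
        print(f.cve, f.app, risk_factors(f), (TODAY - f.first_seen).days, "days exposed")
```

In this ordering the "high" finding with a probable exploit outranks the "critical" finding with a low EPSS percentile, and the public-facing copy of the same issue sorts ahead of the internal one.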
What's next?
Now that you understand how application vulnerabilities are prioritized:
- Monitor entity security: Track vulnerabilities in specific applications
- Manage organization vulnerabilities: View vulnerability surface area across all applications
- Manage vulnerability status: Change status to Ignored, Affected, or Fixed
- Set up alerts: Get notified when high-priority vulnerabilities are detected