A custom vulnerability policy has been created, however events aren't getting fired for the policy.
Understanding the Issue
Our vulnerability policy severity field is a comma separated field.
If you would only like the policy to alert on critical and high you would enter:
Ensure there are no spaces
Introducing spaces such as
This will result in the policy not being able to match itself to events and as a result you won't get events generated for it.