diff --git a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/rule/rule_section.vue b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/rule/rule_section.vue
index 5af738704260a3101ba8a27b120774ae0268edd2..1351e5d3580543e8e9442e0ec1b607597c281186 100644
--- a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/rule/rule_section.vue
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/rule/rule_section.vue
@@ -1,9 +1,11 @@
 <script>
 import { GlButton, GlAlert, GlSprintf } from '@gitlab/ui';
+import glFeatureFlagsMixin from '~/vue_shared/mixins/gl_feature_flags_mixin';
 import { ANY_MERGE_REQUEST, SCAN_FINDING, LICENSE_FINDING } from '../lib';
 import { RULE_OR_LABEL } from '../../constants';
 import AnyMergeRequestRuleBuilder from './any_merge_request_rule_builder.vue';
 import SecurityScanRuleBuilder from './security_scan_rule_builder.vue';
+import SecurityScanRuleBuilderV2 from './security_scan_rule_builder_v2.vue';
 import LicenseScanRuleBuilder from './license_scan_rule_builder.vue';
 import DefaultRuleBuilder from './default_rule_builder.vue';
 
@@ -16,8 +18,10 @@ export default {
     DefaultRuleBuilder,
     AnyMergeRequestRuleBuilder,
     SecurityScanRuleBuilder,
+    SecurityScanRuleBuilderV2,
     LicenseScanRuleBuilder,
   },
+  mixins: [glFeatureFlagsMixin()],
   props: {
     disabledRuleTypes: {
       type: Array,
@@ -61,6 +65,9 @@ export default {
     };
   },
   computed: {
+    hasKevFilterEnabled() {
+      return this.glFeatures.securityPoliciesKevFilter;
+    },
     isAnyMergeRequestRule() {
       return this.initRule.type === ANY_MERGE_REQUEST;
     },
@@ -139,7 +146,7 @@ export default {
         />
 
         <security-scan-rule-builder
-          v-else-if="isSecurityRule"
+          v-else-if="isSecurityRule && !hasKevFilterEnabled"
           :disabled-rule-types="disabledRuleTypes"
           :init-rule="initRule"
           @error="handleError"
@@ -148,6 +155,11 @@ export default {
           @set-scan-type="setScanType"
         />
 
+        <security-scan-rule-builder-v2
+          v-else-if="isSecurityRule && hasKevFilterEnabled"
+          :init-rule="initRule"
+        />
+
         <license-scan-rule-builder
           v-else-if="isLicenseRule"
           :disabled-rule-types="disabledRuleTypes"
diff --git a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/rule/scanners/global_settings.vue b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/rule/scanners/global_settings.vue
new file mode 100644
index 0000000000000000000000000000000000000000..7f4ce017aa084bdd78182150730e62b72c8f41de
--- /dev/null
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/rule/scanners/global_settings.vue
@@ -0,0 +1,216 @@
+<script>
+import { s__ } from '~/locale';
+import AttributeFilters from 'ee/security_orchestration/components/policy_editor/scan_result/rule/scan_filters/attribute_filters.vue';
+import ScanFilterSelector from 'ee/security_orchestration/components/policy_editor/scan_filter_selector.vue';
+import SectionLayout from 'ee/security_orchestration/components/policy_editor/section_layout.vue';
+import SeverityFilter from 'ee/security_orchestration/components/policy_editor/scan_result/rule/scan_filters/severity_filter.vue';
+import StatusFilters from 'ee/security_orchestration/components/policy_editor/scan_result/rule/scan_filters/status_filters.vue';
+import { SEVERITY_LEVELS } from 'ee/security_dashboard/constants';
+import {
+  AGE,
+  ATTRIBUTE,
+  FILTERS,
+  NEWLY_DETECTED,
+  PREVIOUSLY_EXISTING,
+  FIX_AVAILABLE,
+  FALSE_POSITIVE,
+  STATUS,
+} from 'ee/security_orchestration/components/policy_editor/scan_result/rule/scan_filters/constants';
+import {
+  buildFiltersFromRule,
+  groupVulnerabilityStatesWithDefaults,
+} from 'ee/security_orchestration/components/policy_editor/scan_result/lib';
+import { normalizeVulnerabilityStates, getAgeTooltip } from './utils';
+
+export default {
+  FILTERS,
+  i18n: {
+    title: s__('ScanResultPolicy|Global Settings'),
+    description: s__('ScanResultPolicy|Severity and status settings will apply to all scan rules'),
+  },
+  name: 'GlobalSettings',
+  components: {
+    AttributeFilters,
+    ScanFilterSelector,
+    SectionLayout,
+    SeverityFilter,
+    StatusFilters,
+  },
+  props: {
+    initRule: {
+      type: Object,
+      required: true,
+    },
+  },
+  emits: ['changed'],
+  data() {
+    return {
+      // filters: buildFiltersFromRule(this.initRule),
+    };
+  },
+  computed: {
+    filters() {
+      return buildFiltersFromRule(this.initRule);
+    },
+    isAttributeFilterSelected() {
+      return this.isFilterSelected(FIX_AVAILABLE) || this.isFilterSelected(FALSE_POSITIVE);
+    },
+    isStatusFilterSelected() {
+      return this.isFilterSelected(NEWLY_DETECTED) || this.isFilterSelected(PREVIOUSLY_EXISTING);
+    },
+    severityLevels() {
+      const { severity_levels: severityLevels = [] } = this.initRule;
+
+      if (!Array.isArray(severityLevels)) {
+        return [];
+      }
+
+      return severityLevels.length === 0 ? Object.keys(SEVERITY_LEVELS) : severityLevels;
+    },
+    vulnerabilityAttributes() {
+      return this.initRule?.vulnerability_attributes || {};
+    },
+    vulnerabilityStates() {
+      const vulnerabilityStateGroups = groupVulnerabilityStatesWithDefaults(
+        this.initRule.vulnerability_states,
+      );
+      return {
+        [PREVIOUSLY_EXISTING]: vulnerabilityStateGroups[PREVIOUSLY_EXISTING],
+        [NEWLY_DETECTED]: vulnerabilityStateGroups[NEWLY_DETECTED],
+      };
+    },
+  },
+  methods: {
+    customFilterSelectorTooltip(filter) {
+      return filter.value === AGE ? getAgeTooltip(filter, this.vulnerabilityStates) : '';
+    },
+    isFilterSelected(filter) {
+      return Boolean(this.filters[filter]);
+    },
+    changeStatusGroup(states) {
+      this.triggerChanged({
+        vulnerability_states: states,
+      });
+    },
+    removeStatusFilter(filter) {
+      this.triggerChanged({
+        vulnerability_states: {
+          ...this.vulnerabilityStates,
+          [filter]: null,
+        },
+      });
+    },
+    removeAttributesFilter(attribute) {
+      const { [attribute]: deletedAttribute, ...otherAttributes } = this.vulnerabilityAttributes;
+      this.triggerChanged({ vulnerability_states: otherAttributes });
+    },
+    removeFilterFromRule(filter) {
+      const { [filter]: deletedFilter, ...otherFilters } = this.initRule;
+      this.$emit('changed', otherFilters);
+    },
+    setVulnerabilityStates(vulnerabilityStates) {
+      this.triggerChanged({
+        vulnerability_states: normalizeVulnerabilityStates(vulnerabilityStates),
+      });
+    },
+    setVulnerabilityAttributes(attributes) {
+      if (!Object.keys(attributes).length) {
+        this.removeFilterFromRule('vulnerability_attributes');
+        return;
+      }
+
+      this.triggerChanged({
+        vulnerability_attributes: attributes,
+      });
+    },
+    shouldDisableFilterSelector(filter) {
+      if (filter !== AGE) {
+        return false;
+      }
+
+      return !this.vulnerabilityStates[PREVIOUSLY_EXISTING]?.length;
+    },
+    triggerChanged(value) {
+      this.$emit('changed', { ...this.initRule, ...value });
+    },
+    selectFilter(filter) {
+      if (filter === STATUS) {
+        const key = this.filters[NEWLY_DETECTED] ? PREVIOUSLY_EXISTING : NEWLY_DETECTED;
+
+        this.triggerChanged({
+          vulnerability_states: {
+            ...this.vulnerabilityStates,
+            [key]: true,
+          },
+        });
+        return;
+      }
+
+      if (filter === ATTRIBUTE) {
+        const key =
+          Object.keys(this.vulnerabilityAttributes)[0] === FIX_AVAILABLE
+            ? FALSE_POSITIVE
+            : FIX_AVAILABLE;
+
+        this.triggerChanged({
+          vulnerability_attributes: {
+            ...this.vulnerabilityAttributes,
+            [key]: true,
+          },
+        });
+        return;
+      }
+
+      this.triggerChanged({
+        [filter]: [],
+      });
+    },
+  },
+};
+</script>
+
+<template>
+  <section-layout class="gl-w-full" :show-remove-button="false">
+    <template #content>
+      <div class="gl-w-full">
+        <div>
+          <h5 class="gl-mb-2">{{ $options.i18n.title }}</h5>
+          <p class="gl-mb-0">{{ $options.i18n.description }}</p>
+        </div>
+
+        <div class="gl-mt-4">
+          <severity-filter class="!gl-bg-default" :selected="severityLevels" />
+        </div>
+
+        <div v-if="isStatusFilterSelected" class="gl-mt-4">
+          <status-filters
+            :filters="filters"
+            :selected="vulnerabilityStates"
+            @remove="removeStatusFilter"
+            @change-status-group="changeStatusGroup"
+            @input="setVulnerabilityStates"
+          />
+        </div>
+
+        <div v-if="isAttributeFilterSelected" class="gl-mt-4">
+          <attribute-filters
+            :selected="vulnerabilityAttributes"
+            @remove="removeAttributesFilter"
+            @input="setVulnerabilityAttributes"
+          />
+        </div>
+      </div>
+
+      <div class="gl-mt-2 gl-w-full">
+        <scan-filter-selector
+          class="gl-w-full !gl-bg-default"
+          :filters="$options.FILTERS"
+          :selected="filters"
+          :should-disable-filter="shouldDisableFilterSelector"
+          :custom-filter-tooltip="customFilterSelectorTooltip"
+          @select="selectFilter"
+        />
+      </div>
+    </template>
+  </section-layout>
+</template>
diff --git a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/rule/scanners/utils.js b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/rule/scanners/utils.js
new file mode 100644
index 0000000000000000000000000000000000000000..1efb50f26b4cbab1bf2f9e0995649a01af68f3f1
--- /dev/null
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/rule/scanners/utils.js
@@ -0,0 +1,59 @@
+// scanFiltersUtils.js
+import { xor } from 'lodash';
+import {
+  AGE_TOOLTIP_NO_PREVIOUSLY_EXISTING_VULNERABILITY,
+  AGE_TOOLTIP_MAXIMUM_REACHED,
+  DEFAULT_VULNERABILITY_STATES,
+  NEWLY_DETECTED,
+  PREVIOUSLY_EXISTING,
+  FIX_AVAILABLE,
+  FALSE_POSITIVE,
+  STATUS,
+  ATTRIBUTE,
+} from 'ee/security_orchestration/components/policy_editor/scan_result/rule/scan_filters/constants';
+
+export function normalizeVulnerabilityStates(vulnerabilityStates) {
+  const states = [
+    ...(vulnerabilityStates[NEWLY_DETECTED] || []),
+    ...(vulnerabilityStates[PREVIOUSLY_EXISTING] || []),
+  ];
+
+  if (!states.length) return null;
+
+  const matchesDefault = xor(states, DEFAULT_VULNERABILITY_STATES).length === 0;
+
+  return matchesDefault ? [] : states;
+}
+
+export function updateCombinedFilters(filters) {
+  return {
+    ...filters,
+    [STATUS]: Boolean(filters[NEWLY_DETECTED] && filters[PREVIOUSLY_EXISTING]),
+    [ATTRIBUTE]: Boolean(filters[FIX_AVAILABLE] && filters[FALSE_POSITIVE]),
+  };
+}
+
+export function toggleStatusFilter(filters) {
+  const nextKey = filters[NEWLY_DETECTED] ? PREVIOUSLY_EXISTING : NEWLY_DETECTED;
+
+  return updateCombinedFilters({
+    ...filters,
+    [nextKey]: true,
+  });
+}
+
+export function toggleAttributeFilter(attributes) {
+  const key = Object.keys(attributes)[0] === FIX_AVAILABLE ? FALSE_POSITIVE : FIX_AVAILABLE;
+
+  return {
+    ...attributes,
+    [key]: true,
+  };
+}
+
+export function getAgeTooltip(filter, vulnerabilityStates) {
+  if (!vulnerabilityStates[PREVIOUSLY_EXISTING]?.length) {
+    return filter.tooltip[AGE_TOOLTIP_NO_PREVIOUSLY_EXISTING_VULNERABILITY];
+  }
+  return filter.tooltip[AGE_TOOLTIP_MAXIMUM_REACHED];
+}
diff --git a/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/rule/security_scan_rule_builder_v2.vue b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/rule/security_scan_rule_builder_v2.vue
new file mode 100644
index 0000000000000000000000000000000000000000..fe3e5490408d4ee7b96a964156cc0a6dd0e5b0a9
--- /dev/null
+++ b/ee/app/assets/javascripts/security_orchestration/components/policy_editor/scan_result/rule/security_scan_rule_builder_v2.vue
@@ -0,0 +1,159 @@
+<script>
+import { GlSprintf } from '@gitlab/ui';
+import { s__ } from '~/locale';
+import { REPORT_TYPES_DEFAULT } from 'ee/security_dashboard/constants';
+import {
+  ANY_OPERATOR,
+  GREATER_THAN_OPERATOR,
+  BRANCH_EXCEPTIONS_KEY,
+  SCAN_RESULT_BRANCH_TYPE_OPTIONS,
+  VULNERABILITIES_ALLOWED_OPERATORS,
+} from 'ee/security_orchestration/components/policy_editor/constants';
+import BranchSelection from 'ee/security_orchestration/components/policy_editor/branch_selection.vue';
+import BranchExceptionSelector from 'ee/security_orchestration/components/policy_editor/branch_exception_selector.vue';
+import SectionLayout from 'ee/security_orchestration/components/policy_editor/section_layout.vue';
+import RuleMultiSelect from 'ee/security_orchestration/components/policy_editor/rule_multi_select.vue';
+import { enforceIntValue } from 'ee/security_orchestration/components/policy_editor/utils';
+import { getDefaultRule } from '../lib';
+import ScanTypeSelect from './scan_type_select.vue';
+import NumberRangeSelect from './number_range_select.vue';
+import GlobalSettings from './scanners/global_settings.vue';
+
+export default {
+  REPORT_TYPES_DEFAULT,
+  REPORT_TYPES_DEFAULT_KEYS: Object.keys(REPORT_TYPES_DEFAULT),
+  VULNERABILITIES_ALLOWED_OPERATORS,
+  i18n: {
+    scanners: s__('ScanResultPolicy|scanners'),
+    scanResultRuleCopy: s__(
+      'ScanResultPolicy|When a %{scanType} with %{scanners} runs against %{branches} %{branchExceptions} and finds %{vulnerabilitiesNumber} vulnerability type that matches all the following criteria:',
+    ),
+    vulnerabilitiesAllowed: s__('ScanResultPolicy|vulnerabilities allowed'),
+  },
+  name: 'SecurityScanRuleBuilder',
+  components: {
+    NumberRangeSelect,
+    BranchExceptionSelector,
+    BranchSelection,
+    GlobalSettings,
+    GlSprintf,
+    RuleMultiSelect,
+    ScanTypeSelect,
+    SectionLayout,
+  },
+  inject: ['namespaceType'],
+  props: {
+    initRule: {
+      type: Object,
+      required: true,
+    },
+  },
+  emits: ['set-scan-type', 'changed', 'error'],
+  computed: {
+    branchExceptions() {
+      return this.initRule.branch_exceptions;
+    },
+    branchTypes() {
+      return SCAN_RESULT_BRANCH_TYPE_OPTIONS(this.namespaceType);
+    },
+    scanners() {
+      return this.initRule.scanners.length === 0
+        ? this.$options.REPORT_TYPES_DEFAULT_KEYS
+        : this.initRule.scanners;
+    },
+    selectedVulnerabilitiesOperator() {
+      return this.vulnerabilitiesAllowed === 0 ? ANY_OPERATOR : GREATER_THAN_OPERATOR;
+    },
+    vulnerabilitiesAllowed() {
+      return enforceIntValue(this.initRule.vulnerabilities_allowed);
+    },
+  },
+  methods: {
+    handleVulnerabilitiesOperatorChange(value) {
+      if (value === ANY_OPERATOR) {
+        this.setVulnerabilitiesAllowed(0);
+      }
+    },
+    setVulnerabilitiesAllowed(value) {
+      this.triggerChanged({ vulnerabilities_allowed: value });
+    },
+    setScanType(value) {
+      const rule = getDefaultRule(value);
+      this.$emit('set-scan-type', rule);
+    },
+    setBranchType(value) {
+      this.$emit('changed', value);
+    },
+    triggerChanged(value) {
+      this.$emit('changed', { ...this.initRule, ...value });
+    },
+    removeExceptions() {
+      const rule = { ...this.initRule };
+      if (BRANCH_EXCEPTIONS_KEY in rule) {
+        delete rule[BRANCH_EXCEPTIONS_KEY];
+      }
+
+      this.$emit('changed', rule);
+    },
+  },
+};
+</script>
+
+<template>
+  <section-layout class="gl-pr-0" :show-remove-button="false" @changed="$emit('changed', $event)">
+    <template #content>
+      <section-layout :show-remove-button="false">
+        <template #content>
+          <gl-sprintf :message="$options.i18n.scanResultRuleCopy">
+            <template #scanType>
+              <scan-type-select :scan-type="initRule.type" @select="setScanType" />
+            </template>
+
+            <template #scanners>
+              <rule-multi-select
+                :value="scanners"
+                class="!gl-inline gl-align-middle"
+                :item-type-name="$options.i18n.scanners"
+                :items="$options.REPORT_TYPES_DEFAULT"
+                data-testid="scanners-select"
+                @error="$emit('error', $event)"
+              />
+            </template>
+
+            <template #branches>
+              <branch-selection
+                :init-rule="initRule"
+                :branch-types="branchTypes"
+                @changed="triggerChanged($event)"
+                @set-branch-type="setBranchType"
+              />
+            </template>
+
+            <template #branchExceptions>
+              <branch-exception-selector
+                :selected-exceptions="branchExceptions"
+                @remove="removeExceptions"
+                @select="triggerChanged"
+              />
+            </template>
+
+            <template #vulnerabilitiesNumber>
+              <number-range-select
+                id="vulnerabilities-allowed"
+                :value="vulnerabilitiesAllowed"
+                :label="$options.i18n.vulnerabilitiesAllowed"
+                :selected="selectedVulnerabilitiesOperator"
+                :operators="$options.VULNERABILITIES_ALLOWED_OPERATORS"
+                @operator-change="handleVulnerabilitiesOperatorChange"
+              />
+            </template>
+          </gl-sprintf>
+        </template>
+      </section-layout>
+
+      <div class="gl-w-full gl-rounded-base gl-bg-white gl-p-4">
+        <global-settings :init-rule="initRule" />
+      </div>
+    </template>
+  </section-layout>
+</template>
diff --git a/locale/gitlab.pot b/locale/gitlab.pot
index 0d544087a61cd163bb27b51a7027f7e66865a8f9..984fd2a1ca3334da0f125d4619f87efab22ae611 100644
--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -58744,6 +58744,9 @@ msgstr ""
 msgid "ScanResultPolicy|For scanners that require builds, when a project does not have a build pipeline."
 msgstr ""
 
+msgid "ScanResultPolicy|Global Settings"
+msgstr ""
+
 msgid "ScanResultPolicy|Grant bypass permissions to users based on their organizational role or custom role assignments."
 msgstr ""
 
@@ -58981,6 +58984,9 @@ msgstr ""
 msgid "ScanResultPolicy|Service accounts"
 msgstr ""
 
+msgid "ScanResultPolicy|Severity and status settings will apply to all scan rules"
+msgstr ""
+
 msgid "ScanResultPolicy|Severity is:"
 msgstr ""
 
@@ -59020,6 +59026,9 @@ msgstr ""
 msgid "ScanResultPolicy|When a %{scanType} with %{scanners} runs against %{branches} %{branchExceptions} and finds %{vulnerabilitiesNumber} %{boldDescription} all the following criteria:"
 msgstr ""
 
+msgid "ScanResultPolicy|When a %{scanType} with %{scanners} runs against %{branches} %{branchExceptions} and finds %{vulnerabilitiesNumber} vulnerability type that matches all the following criteria:"
+msgstr ""
+
 msgid "ScanResultPolicy|When a security policy fails for an unspecified reason."
 msgstr ""