(1) Use nested queries when tokens have a shared key, in this example "vulnerability.cvss3Info".
vulnerability.cvss3Info:(baseScore>9 and temporalScore>7)
(2) Consider the intent of your query. Here's some examples.
Query 1: This will return potential vulnerability with severity 3, which is in Active, New or Reopened status. A detection is returned only when it matches all criteria.
vulnerability.severity:"3" AND vulnerability.typeDetected:"POTENTIAL_VULNERABILITY" and vulnerability.status:["ACTIVE","NEW","REOPENED"]
Query 2: This will return all web applications for which last scan status is submitted and tag MS WAS 1000 Webapp associated with it., and all patchable assets. An asset is returned when it matches only one criteria.
webapp.lastScanStatus:"SUBMITTED" AND webapp.tags.name: "MS WAS 1000 Webapp"