Incident Severity

Incident Severity is computed as the highest severity of compliance policy failure events which is bumped up to the next level severity if there is Sensitive information detected.

For example, a bucket has the following policy failures →
Ensure the S3 bucket is unencrypted has medium severity
Ensure S3 bucket is not publicly accessible has high severity
Has data which is classified as PII_LI which marked as Sensitive Information
Then the Incident Severity would be critical ( highest of (medium, high) of compliance policy failures → bumped up one level to critical due to sensitive information ))

Here are the variations of mapping of the highest compliance event severity, which has sensitive information and the expected Incident’s severity.
Highest Compliance Policy Failure Severity
Source has Sensitive Information
Incident Severity
Critical
Yes
Critical
Critical
No
Critical
High
Yes
Critical
High
No
High
Medium
Yes
High
Medium
No
Medium
Low
Yes
Medium
Low
No
Low
NA
Yes
Medium
NA
No
No alerts will be raised

Using SNS for S3 Observer Event Fan-Out

Next - MORE INFO

Borneo Inspection API

Last modified 10mo ago

Copy link