Incident Severity
Incident Severity is computed as the highest severity among the compliance policy failure events, bumped up to the next severity level if Sensitive Information is detected. For example, suppose a bucket has the following policy failures:
  • Ensure the S3 bucket is unencrypted has medium severity
  • Ensure S3 bucket is not publicly accessible has high severity
  • Has data classified as PII_LI, which is marked as Sensitive Information
Then the Incident Severity would be Critical: the highest of the compliance policy failure severities (medium, high) is high, and it is bumped up one level to critical because sensitive information is present. The table below lists, for each highest compliance event severity and whether the source has sensitive information, the expected Incident severity.
| Highest Compliance Policy Failure Severity | Source has Sensitive Information | Incident Severity |
|---|---|---|
| Critical | Yes | Critical |
| Critical | No | Critical |
| High | Yes | Critical |
| High | No | High |
| Medium | Yes | High |
| Medium | No | Medium |
| Low | Yes | Medium |
| Low | No | Low |
| NA | Yes | Medium |
| NA | No | No alerts will be raised |
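The mapping above, as an added Python example (not the product's own code) that computes Incident Severity from a list of policy failures and the sensitive-information flag, including the two edge rows: Critical is not bumped past Critical, and with no policy failures sensitive data alone yields Medium while no sensitive data raises no alert (returned as None). The policy names and severities in the sample are constructed from the bucket example on this page.

```python
from typing import Optional

# Severity scale used on this page, lowest to highest.
SEVERITY_ORDER = ["Low", "Medium", "High", "Critical"]


def highest_policy_severity(policy_failures: list[tuple[str, str]]) -> Optional[str]:
    """Return the highest severity among compliance policy failure events.

    Each failure is a (policy name, severity) tuple. Returns None when there
    are no failures, which corresponds to the table's "NA" rows.
    """
    if not policy_failures:
        return None
    for _, severity in policy_failures:
        if severity not in SEVERITY_ORDER:
            raise ValueError(f"unknown severity: {severity!r}")
    return max((sev for _, sev in policy_failures), key=SEVERITY_ORDER.index)


def incident_severity(policy_failures: list[tuple[str, str]], has_sensitive_info: bool) -> Optional[str]:
    """Compute Incident Severity as described on this page.

    1. Start from the highest compliance policy failure severity.
    2. If the source holds Sensitive Information, bump it one level
       (Critical stays Critical, since it is already the top level).
    3. With no policy failures: sensitive data alone yields Medium,
       otherwise no alert is raised (None).
    """
    highest = highest_policy_severity(policy_failures)
    if highest is None:
        return "Medium" if has_sensitive_info else None
    if not has_sensitive_info:
        return highest
    bumped = min(SEVERITY_ORDER.index(highest) + 1, len(SEVERITY_ORDER) - 1)
    return SEVERITY_ORDER[bumped]


# Constructed sample: the S3 bucket from the worked example on this page.
BUCKET_FAILURES = [
    ("Ensure the S3 bucket is unencrypted", "Medium"),
    ("Ensure S3 bucket is not publicly accessible", "High"),
]

if __name__ == "__main__":
    # PII_LI data is present, so the bucket is marked as having sensitive information.
    print(incident_severity(BUCKET_FAILURES, has_sensitive_info=True))  # Critical
```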