Incident Severity
Incident Severity is computed as the highest severity among the compliance policy failure events, bumped up to the next severity level if Sensitive Information is detected in the source.
For example, a bucket has the following policy failures:
- "Ensure the S3 bucket is unencrypted" has medium severity
- "Ensure S3 bucket is not publicly accessible" has high severity
- Has data which is classified as PII_LI, which is marked as Sensitive Information
Then the Incident Severity would be critical (the highest of (medium, high) among the compliance policy failures is high, bumped up one level to critical due to the sensitive information).
Here are the variations of the mapping from the highest compliance event severity and whether the source has sensitive information to the expected Incident Severity.
Highest Compliance Policy Failure Severity | Source has Sensitive Information | Incident Severity |
--- | --- | --- |
Critical | Yes | Critical |
Critical | No | Critical |
High | Yes | Critical |
High | No | High |
Medium | Yes | High |
Medium | No | Medium |
Low | Yes | Medium |
Low | No | Low |
NA | Yes | Medium |
NA | No | No alerts will be raised |
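The rule and the mapping table above can be encoded as a small function. The following is an added example written for this page, not the product's own implementation; the enum names, the function name, and the convention of representing the "NA" row as an empty list of failures are assumptions made here. The cap at critical comes from the table (Critical plus sensitive information stays Critical).

```python
from enum import IntEnum
from typing import Iterable, Optional, Tuple


class Severity(IntEnum):
    """Ordered so that max() picks the highest severity. Names are assumed."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4


def incident_severity(failure_severities: Iterable[Severity],
                      has_sensitive_info: bool) -> Optional[Severity]:
    """Compute the Incident Severity from the page's rule.

    Returns None when no alert should be raised (the NA / No row of the table).
    An empty iterable stands for "NA": no compliance policy failures at all.
    """
    failures = list(failure_severities)
    if not failures:
        # NA row: sensitive information alone yields a Medium incident,
        # otherwise nothing is raised.
        return Severity.MEDIUM if has_sensitive_info else None

    highest = max(failures)
    if not has_sensitive_info:
        return highest

    # Bump one level for sensitive information, capped at Critical.
    return Severity(min(highest + 1, Severity.CRITICAL))


# Constructed sample matching the bucket example on the page:
# (policy name, severity of the failure event)
SAMPLE_BUCKET_FAILURES: Tuple[Tuple[str, Severity], ...] = (
    ("Ensure the S3 bucket is unencrypted", Severity.MEDIUM),
    ("Ensure S3 bucket is not publicly accessible", Severity.HIGH),
)
SAMPLE_BUCKET_HAS_PII_LI = True  # data classified as PII_LI -> Sensitive Information


def sample_bucket_severity() -> Optional[Severity]:
    """Severity of the worked example: highest is HIGH, bumped to CRITICAL."""
    return incident_severity(
        (sev for _name, sev in SAMPLE_BUCKET_FAILURES),
        SAMPLE_BUCKET_HAS_PII_LI,
    )


def mapping_table() -> dict:
    """Regenerate the page's mapping table for every (severity, flag) pair.

    Keys are (highest severity or None for NA, has_sensitive_info);
    values are the resulting Incident Severity, or None for "no alert".
    """
    rows = {}
    for highest in (Severity.CRITICAL, Severity.HIGH, Severity.MEDIUM,
                    Severity.LOW, None):
        for flag in (True, False):
            failures = [highest] if highest is not None else []
            rows[(highest, flag)] = incident_severity(failures, flag)
    return rows


if __name__ == "__main__":
    print("worked example:", sample_bucket_severity().name)
    for (highest, flag), result in mapping_table().items():
        label = highest.name if highest else "NA"
        out = result.name if result else "No alerts will be raised"
        print(f"{label:9} | {'Yes' if flag else 'No':3} | {out}")
```

Representing the policy failures as an ordered enum makes the "highest severity" step a plain `max()` and the bump a single increment; the explicit empty-list branch is the one place where the rule differs from "highest plus one", so it is worth keeping separate rather than folding into the arithmetic.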