Severity - AWS Security Hub

Severity

The severity of the finding.

The finding provider can provide the initial severity. The finding provider can only update the severity if it has not been updated using BatchUpdateFindings.

The finding must have either Label or Normalized populated. If only one of these attributes is populated, then Security Hub automatically populates the other one. If neither attribute is populated, then the finding is invalid. Label is the preferred attribute.

Contents

Label

The severity value of the finding. The allowed values are the following.

  • INFORMATIONAL - No issue was found.

  • LOW - The issue does not require action on its own.

  • MEDIUM - The issue must be addressed but not urgently.

  • HIGH - The issue must be addressed as a priority.

  • CRITICAL - The issue must be remediated immediately to avoid it escalating.

If you provide Normalized and do not provide Label, then Label is set automatically as follows.

  • 0 - INFORMATIONAL

  • 1–39 - LOW

  • 40–69 - MEDIUM

  • 70–89 - HIGH

  • 90–100 - CRITICAL

Type: String

Valid Values: INFORMATIONAL | LOW | MEDIUM | HIGH | CRITICAL

Required: No

Normalized

Deprecated. The normalized severity of a finding. This attribute is being deprecated. Instead of providing Normalized, provide Label.

If you provide Label and do not provide Normalized, then Normalized is set automatically as follows.

  • INFORMATIONAL - 0

  • LOW - 1

  • MEDIUM - 40

  • HIGH - 70

  • CRITICAL - 90

Type: Integer

Required: No

Original

The native severity from the finding product that generated the finding.

Type: String

Pattern: .*\S.*

Required: No

Product

Deprecated. This attribute is being deprecated. Instead of providing Product, provide Original.

The native severity as defined by the AWS service or integrated partner product that generated the finding.

Type: Double

Required: No
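
The following Python helper is an added example, not part of the AWS documentation. It applies the Label/Normalized population rules and the Original pattern described above to a Severity object before a finding is submitted. The name `fill_severity`, the rejection of Normalized values outside 0–100, and leaving both attributes untouched when both are supplied are assumptions.

```python
import re

# Ranges from the Label section: Normalized -> Label.
_RANGES = [(0, 0, "INFORMATIONAL"), (1, 39, "LOW"), (40, 69, "MEDIUM"),
           (70, 89, "HIGH"), (90, 100, "CRITICAL")]
# Values from the Normalized section: Label -> Normalized.
_DEFAULTS = {"INFORMATIONAL": 0, "LOW": 1, "MEDIUM": 40, "HIGH": 70, "CRITICAL": 90}
_ORIGINAL_RE = re.compile(r".*\S.*")  # pattern documented for Original


def fill_severity(severity):
    """Return a copy of a Severity object with Label/Normalized filled in.

    Raises ValueError if the object is invalid under the documented rules.
    (fill_severity is a hypothetical helper name, not an AWS SDK call.)
    """
    sev = dict(severity)
    label, norm = sev.get("Label"), sev.get("Normalized")
    if label is None and norm is None:
        raise ValueError("invalid finding: neither Label nor Normalized is populated")
    if label is not None and label not in _DEFAULTS:
        raise ValueError(f"Label {label!r} is not an allowed value")
    if norm is not None:
        # Assumption: anything outside the documented 0-100 ranges is rejected.
        if isinstance(norm, bool) or not isinstance(norm, int) or not 0 <= norm <= 100:
            raise ValueError(f"Normalized {norm!r} is not an integer in 0-100")
    if label is None:
        sev["Label"] = next(name for lo, hi, name in _RANGES if lo <= norm <= hi)
    elif norm is None:
        sev["Normalized"] = _DEFAULTS[label]
    # Assumption: when both are supplied they are kept exactly as given.
    original = sev.get("Original")
    if original is not None and not (
            isinstance(original, str) and _ORIGINAL_RE.search(original)):
        raise ValueError("Original must contain a non-whitespace character")
    return sev


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ({"Normalized": 69, "Original": "7.5"}, {"Label": "HIGH"}, {"Original": "high"})
    for sample in samples:
        try:
            print(sample, "->", fill_severity(sample))
        except ValueError as exc:
            print(sample, "-> rejected:", exc)
```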
