Severity
The severity of the finding.
The finding provider can provide the initial severity. The finding provider can only
update the severity if it hasn't been updated using
BatchUpdateFindings.
The finding must have either Label or Normalized populated. If
only one of these attributes is populated, then Security Hub automatically populates the other
one. If neither attribute is populated, then the finding is invalid. Label is
the preferred attribute.
Contents
- Label
-
The severity value of the finding. The allowed values are the following.
-
INFORMATIONAL- No issue was found. -
LOW- The issue does not require action on its own. -
MEDIUM- The issue must be addressed but not urgently. -
HIGH- The issue must be addressed as a priority. -
CRITICAL- The issue must be remediated immediately to avoid it escalating.
If you provide
Normalizedand don't provideLabel, thenLabelis set automatically as follows.-
0 -
INFORMATIONAL -
1–39 -
LOW -
40–69 -
MEDIUM -
70–89 -
HIGH -
90–100 -
CRITICAL
Type: String
Valid Values:
INFORMATIONAL | LOW | MEDIUM | HIGH | CRITICALRequired: No
-
- Normalized
-
Deprecated. The normalized severity of a finding. Instead of providing
Normalized, provideLabel.The value of
Normalizedcan be an integer between0and100.If you provide
Labeland don't provideNormalized, thenNormalizedis set automatically as follows.-
INFORMATIONAL- 0 -
LOW- 1 -
MEDIUM- 40 -
HIGH- 70 -
CRITICAL- 90
Type: Integer
Required: No
-
- Original
-
The native severity from the finding product that generated the finding.
Length Constraints: Minimum length of 1. Maximum length of 64.
Type: String
Pattern:
.*\S.*Required: No
- Product
-
Deprecated. This attribute isn't included in findings. Instead of providing
Product, provideOriginal.The native severity as defined by the AWS service or integrated partner product that generated the finding.
Type: Double
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
