Findings
A finding indicates that one or more conditions are met in your cloud environment, which may or may not be classified as a risk. At Plerion, severity levels are used to prioritize findings based on their potential impact on the security of the system. Here's a breakdown of severity levels:
-
Critical: Findings categorized as critical represent the most severe issues that pose an immediate and significant threat to the security, integrity, or availability of the system. These findings often indicate vulnerabilities or misconfigurations that can be easily exploited by attackers to gain unauthorized access or cause serious damage. Critical findings typically require immediate attention and remediation.
-
High: High severity findings indicate significant security issues that could lead to severe consequences if left unaddressed. While not as urgent as critical findings, high severity issues still require prompt remediation to mitigate risks and prevent potential security breaches or disruptions to the system.
-
Medium: Medium severity findings represent security issues that have the potential to cause harm or compromise the security of the system, but their impact may be less severe compared to critical or high severity findings. These findings typically require attention and remediation within a reasonable time frame to reduce the risk of exploitation by attackers.
-
Low: Low severity findings refer to security issues that have minimal impact on the security of the system or are unlikely to be exploited by attackers to cause significant harm. While these findings may not pose an immediate threat, they should still be addressed to maintain a strong security posture and prevent potential escalation into more serious issues.
-
Informational: Informational findings are typically observations or recommendations that do not represent actual security vulnerabilities but provide useful information for improving the security posture of the system. These findings may include best practices, suggestions for optimization, or insights into security configurations. While not actionable as security issues themselves, informational findings can still be valuable for enhancing overall security awareness and practices.