How are severity levels assigned/determined for Prisma Cloud Governance Policies?
Environment
Prisma Cloud
Governance
Policies
Severity Level
Alert Prioritization
Answer
Policy severity is determined by assessing the extent of exploitability and the impact of the security issue across the following metrics:
Access Vector
Access Complexity
Authentication
Impact on Confidentiality, Integrity and Availability
Exploit level
Mitigation level
Likelihood of attack
Collateral Damage Potential
Policy Severity and Policy Severity Definition

Critical: A vulnerability or misconfiguration that can be exploited by an attacker, resulting in a complete compromise or damage. A Critical severity alert typically requires immediate attention and should be fixed as soon as possible.

High: A vulnerability or misconfiguration that can be exploited by an attacker, resulting in significant damage or compromise. A High severity alert should be fixed as soon as possible.

Medium: A vulnerability or misconfiguration that is not directly exploitable (requires some level of effort to exploit) or has a limited impact. A Medium severity alert should be addressed in a timely manner, but may not require immediate attention.

Low: A vulnerability or misconfiguration that is not directly exploitable (requires significant effort to exploit) and has minimal impact. A Low severity alert may be addressed as part of a regular maintenance cycle and does not require immediate attention.

Informational: An Informational severity is not a direct security threat, but rather a security best practice or compliance recommendation, detection of service or port status, or a potential weakness that may require attention or monitoring. These alerts have lower severity than the other alerts but still need to be addressed based on the customer's compliance requirements.
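The following is an added example, not part of this article and not Prisma Cloud's own scoring code. It encodes the qualitative rubric in the table above (exploitability on one axis, impact on the other, with best-practice findings mapped to Informational) so that a constructed list of alerts can be ordered for triage. The input vocabularies ("direct"/"some"/"significant" effort, "complete"/"significant"/"limited"/"minimal" impact) and the sample alerts are assumptions made for illustration; combinations the table does not spell out (for example, directly exploitable but minimal impact) are resolved to Medium, the conservative middle band.

```python
from dataclasses import dataclass
from enum import IntEnum


class Severity(IntEnum):
    """Ordered so that sorting by value puts the most urgent alerts first."""
    INFORMATIONAL = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4


# Assumed vocabularies for the two rubric axes (illustrative, not a Prisma Cloud API).
EXPLOIT_EFFORT = {"direct", "some", "significant"}
IMPACT = {"complete", "significant", "limited", "minimal"}


def classify(exploit_effort: str, impact: str, best_practice: bool = False) -> Severity:
    """Map the article's severity definitions onto an exploitability/impact pair.

    Rules, in the order they are applied:
      - best practice / compliance recommendation -> Informational
      - directly exploitable, complete compromise   -> Critical
      - directly exploitable, significant damage    -> High
      - significant effort AND minimal impact       -> Low
      - everything else (not directly exploitable,
        or limited/unspecified impact)              -> Medium
    """
    if exploit_effort not in EXPLOIT_EFFORT:
        raise ValueError(f"unknown exploit effort: {exploit_effort!r}")
    if impact not in IMPACT:
        raise ValueError(f"unknown impact: {impact!r}")

    if best_practice:
        return Severity.INFORMATIONAL
    if exploit_effort == "direct" and impact == "complete":
        return Severity.CRITICAL
    if exploit_effort == "direct" and impact == "significant":
        return Severity.HIGH
    if exploit_effort == "significant" and impact == "minimal":
        return Severity.LOW
    # Medium covers both "requires some effort" and "limited impact"; the
    # remaining unspecified combinations are also placed here rather than
    # being silently demoted to Low.
    return Severity.MEDIUM


@dataclass(frozen=True)
class Alert:
    policy: str            # constructed policy name, not a real Prisma Cloud policy id
    exploit_effort: str
    impact: str
    best_practice: bool = False

    @property
    def severity(self) -> Severity:
        return classify(self.exploit_effort, self.impact, self.best_practice)


def prioritize(alerts: list[Alert]) -> list[Alert]:
    """Return alerts ordered highest severity first; ties keep input order."""
    return sorted(alerts, key=lambda a: a.severity, reverse=True)


# Constructed sample alerts used to exercise the rubric.
SAMPLE_ALERTS = [
    Alert("Logging not enabled on bucket", "significant", "minimal", best_practice=True),
    Alert("Unused IAM key older than 90 days", "significant", "minimal"),
    Alert("Database port open to 0.0.0.0/0", "direct", "complete"),
    Alert("Security group allows SSH from internet", "direct", "significant"),
    Alert("Encryption at rest disabled on volume", "some", "limited"),
]


def triage_order(alerts: list[Alert] = SAMPLE_ALERTS) -> list[tuple[str, str]]:
    """Convenience view: (policy, severity name) pairs in triage order."""
    return [(a.policy, a.severity.name) for a in prioritize(alerts)]


if __name__ == "__main__":
    for policy, sev in triage_order():
        print(f"{sev:<13} {policy}")
```

Because `Severity` is an `IntEnum`, the same value can be compared against a threshold (for example, page only on `>= Severity.HIGH`) without a second lookup table, which keeps notification routing consistent with the triage order.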