Understanding Findings

Learn what security findings are, where they come from, and how to prioritise remediation.

What Is a Finding?

A finding is a security issue detected by your cloud provider's native security tools. Each finding represents a configuration, access, or threat issue that increases your security risk. Examples:

  • Security Hub: "S3 bucket has public read access enabled"
  • Config: "EC2 security group allows unrestricted inbound SSH (port 22)"
  • GuardDuty: "EC2 instance communicating with known cryptocurrency mining pool"
  • Access Analyzer: "S3 bucket accessible from external AWS account"

Severity Levels

CRITICAL

Immediate risk of data breach or system compromise. Fix within 24 hours. Examples: publicly readable S3 buckets with sensitive data, exposed access keys, active malware communication.

HIGH

Significant security weakness that could lead to a breach if combined with other issues. Fix within 1 week. Examples: unrestricted SSH/RDP, root account active access keys, no MFA on admin users.

MEDIUM

Security gap that violates best practices. Fix within 1 month. Examples: CloudTrail not enabled in all regions, S3 bucket versioning disabled, over-permissive IAM policies.

LOW

Minor security improvement or hardening opportunity. Fix when convenient. Examples: unused IAM users, missing resource tags, verbose logging not enabled.

Finding Sources

Source           What It Detects                                            Update Frequency
Security Hub     CIS benchmarks, FSBP compliance, aggregated findings       Near real-time
AWS Config       Resource configuration compliance (200+ resource types)    On configuration change
GuardDuty        Threat detection, anomaly analysis, malware                Continuous
Access Analyzer  External access to S3, IAM, KMS, Lambda, SQS               Near real-time
Inspector        EC2/Lambda/ECR vulnerability assessments (if enabled)      Continuous

How the Posture Score Works

Your posture score (0–100) is calculated from active findings weighted by severity:

Penalty = (Critical × 10) + (High × 5) + (Medium × 2) + (Low × 0.5)
Score = MAX(0, 100 - Penalty)

80–100  Good        Strong security posture. Address remaining issues at your own pace.
60–79   Moderate    Meaningful risks present. Prioritise Critical and High findings.
0–59    High Risk   Serious security gaps. Immediate remediation required.

Prioritising Remediation

  1. Fix all Critical findings first — these represent active or imminent risk
  2. Address High findings within one week
  3. Schedule Medium findings into your next sprint or security review
  4. Track Low findings — address them during maintenance windows
  5. Use the compliance filter to prioritise findings relevant to your next audit (SOC 2, PCI-DSS, HIPAA)
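The following script is an added example and is not code from this product. It applies the posture-score formula above (severity weights 10/5/2/0.5, floored at 0) and the score bands, then builds a remediation queue in the order the prioritisation steps describe: by severity, oldest first within a severity, with a due date derived from the fix targets in the Severity Levels section (24 hours, 1 week, 1 month; Low has no deadline) and an optional compliance-framework filter. The `Finding` record, its `frameworks` field and the sample findings are constructed for illustration, not the product's data model.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Severity weights exactly as the posture-score formula on this page gives them.
PENALTY_WEIGHTS = {"CRITICAL": 10.0, "HIGH": 5.0, "MEDIUM": 2.0, "LOW": 0.5}

# Fix targets from the Severity Levels section (24h, 1 week, 1 month); Low has none.
SLA_DAYS = {"CRITICAL": 1, "HIGH": 7, "MEDIUM": 30, "LOW": None}

# Ordering used when ranking the remediation queue (lower rank first).
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


@dataclass(frozen=True)
class Finding:
    # Hypothetical record; field names are an assumption, not the product's schema.
    source: str             # e.g. "Security Hub", "GuardDuty"
    title: str
    severity: str           # CRITICAL / HIGH / MEDIUM / LOW
    first_seen: datetime    # when the finding became active
    frameworks: tuple = ()  # compliance frameworks the control maps to


def posture_penalty(findings):
    """Penalty = (Critical x 10) + (High x 5) + (Medium x 2) + (Low x 0.5)."""
    penalty = 0.0
    for f in findings:
        sev = f.severity.upper()
        if sev not in PENALTY_WEIGHTS:
            raise ValueError(f"unknown severity: {f.severity!r}")
        penalty += PENALTY_WEIGHTS[sev]
    return penalty


def posture_score(findings):
    """Score = MAX(0, 100 - Penalty); the floor keeps a large backlog from going negative."""
    return max(0.0, 100.0 - posture_penalty(findings))


def score_band(score):
    """Map a score to the page's bands: 80-100 Good, 60-79 Moderate, 0-59 High Risk."""
    if score >= 80:
        return "Good"
    if score >= 60:
        return "Moderate"
    return "High Risk"


def remediation_queue(findings, now, framework=None):
    """Rank findings for remediation: Critical first, then High, Medium, Low;
    oldest first within a severity. Each entry carries its SLA due date and an
    overdue flag. `framework` restricts the queue to findings mapped to that
    framework, mirroring the compliance filter in step 5."""
    selected = [f for f in findings if framework is None or framework in f.frameworks]
    ranked = sorted(selected, key=lambda f: (SEVERITY_RANK[f.severity.upper()], f.first_seen))
    queue = []
    for f in ranked:
        days = SLA_DAYS[f.severity.upper()]
        due = None if days is None else f.first_seen + timedelta(days=days)
        queue.append({"finding": f, "due": due, "overdue": due is not None and due < now})
    return queue


# Constructed sample data: a fixed "now" and a small backlog modelled on the
# example findings quoted on this page.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_FINDINGS = [
    Finding("Security Hub", "S3 bucket has public read access enabled", "CRITICAL",
            NOW - timedelta(days=2), ("CIS", "PCI-DSS")),
    Finding("Config", "Security group allows unrestricted inbound SSH (port 22)", "HIGH",
            NOW - timedelta(days=3), ("CIS", "PCI-DSS")),
    Finding("Security Hub", "Root account has active access keys", "HIGH",
            NOW - timedelta(days=10), ("CIS",)),
    Finding("Security Hub", "CloudTrail not enabled in all regions", "MEDIUM",
            NOW - timedelta(days=5), ("SOC 2", "CIS")),
    Finding("Config", "S3 bucket versioning disabled", "MEDIUM", NOW - timedelta(days=1)),
    Finding("Security Hub", "Unused IAM user", "LOW", NOW - timedelta(days=40)),
    Finding("Config", "Missing resource tags", "LOW", NOW - timedelta(days=20)),
    Finding("Config", "Verbose logging not enabled", "LOW", NOW - timedelta(days=3)),
]

if __name__ == "__main__":
    score = posture_score(SAMPLE_FINDINGS)
    print(f"penalty={posture_penalty(SAMPLE_FINDINGS)} score={score} band={score_band(score)}")
    for entry in remediation_queue(SAMPLE_FINDINGS, NOW):
        f = entry["finding"]
        due = entry["due"].date() if entry["due"] else "none"
        flag = " OVERDUE" if entry["overdue"] else ""
        print(f"{f.severity:8} due {due}{flag}: {f.title}")
```

With the sample backlog the penalty is 10 + 5 + 5 + 2 + 2 + 0.5 + 0.5 + 0.5 = 25.5, giving a score of 74.5 (Moderate); the public bucket and the ten-day-old root access keys are already past their fix targets and sit at the top of the queue, while passing `framework="PCI-DSS"` narrows the queue to the two findings mapped to that framework.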