Previous Topic: Event SeverityNext Topic: Configuration Management Category


Event Severity Values

The assignment is based on general security principles and best practices. For example, an action that fails is commonly considered more severe than a successful one from a security implication point of view. The following table shows the value, name and explanation of the eight severity levels. A detailed list of severity level assignment is at appendix A.

Value

Name

Description

0

Unknown

Unknown Events

Events Not Mapped to CEG

Unclassified

1

Debug

Message that appears during debugging only

Events in non-production environment

2

Information

General System Operation Information

General Security Related Information

Notice

3

Warning

Unusual Changes to System/Function/Security

Normal but Significant Condition

Failed Operations

Degraded Performance

4

Minor_Impact

Minor Impact to System/Function

Minor Impact to Security

5

Major_Impact

Major Impact to System/Function

Major Impact to Security

6

Critical

Immediate Action Required

Likely Security Breach

7

Fatal

System Unusable/Down

High Possibility of Security Breach

Non Recoverable Problems

Severity Level 0 and Level 1 are at present not being assigned to any of the existing CEG event action and are reserved for future use. For the rest of the severity levels, the following guidelines are followed:

Severity Level 2:

Severity Level 3:

Severity Level 4:

Severity Level 5:

Severity Level 6:

Severity Level 7: