Severity mappings for GuardDuty
Alert priority state mapping between GuardDuty and Incident Response.
GuardDuty alert priority state mapping
GuardDuty's alert priority is based on the severity field
(body.message.detail.severity) in the payload.
| GuardDuty payload field | GuardDuty payload value | Incident Response alert priority value |
|---|---|---|
| body.message.detail.severity | 0.1 - 3.9 (Low) | Warning |
| 4.0 - 6.9 (Medium) | Major | |
| 7.0 - 8.9 (High) | Critical |
If body.message.detail.severity property is not sent in payload, then
alert priority value set is P5-INFORMATIONAL.