How Sgraal's attack surface levels map to CVSS severity.
Sgraal assigns an attack surface level to every preflight evaluation. These levels map directly to the Common Vulnerability Scoring System (CVSS v3.1), enabling security teams to route memory governance alerts through existing vulnerability management workflows.
| Sgraal Level | CVSS Score | CVSS Rating | Description |
|---|---|---|---|
| NONE | 0.0 | None | No attack surface detected. Memory state is clean and trustworthy. |
| LOW | 0.1 – 3.9 | Low | Minor drift or staleness detected. Low risk of incorrect decisions. |
| MODERATE | 4.0 – 6.9 | Medium | Significant risk factors present. Memory should be verified before critical actions. |
| HIGH | 7.0 – 8.9 | High | Serious attack patterns detected. Sponsored drift, propagation, or hallucination likely. |
| CRITICAL | 9.0 – 10.0 | Critical | Active attack in progress. Memory is compromised and must not be acted upon. |
The Common Vulnerability Scoring System is the industry standard for communicating the severity of security vulnerabilities. By mapping Sgraal's attack surface detection to CVSS, we achieve several goals:
When exporting Sgraal events to a SIEM (Splunk, Datadog, Elastic), the attack surface level maps to Common Event Format (CEF) severity for consistent triage:
| Sgraal Level | CEF Severity | CEF Value | SIEM Action |
|---|---|---|---|
| NONE | Informational | 0 | Log only |
| LOW | Low | 3 | Log, weekly review |
| MODERATE | Medium | 5 | Alert, investigate within 24h |
| HIGH | High | 8 | Alert + page on-call, investigate within 1h |
| CRITICAL | Very High | 10 | Alert + page on-call + auto-block, immediate response |
Sgraal's /v1/audit-log/export endpoint outputs events in Splunk, Datadog, and Elastic formats with CEF severity pre-mapped.