Understanding Findings

Findings are the core unit of work in Guardian Pro. Every finding represents a specific issue that Guardian Pro has identified in your AWS infrastructure -- a misconfiguration, a security gap, a cost optimization opportunity, or a deviation from best practices.

Understanding how findings are structured, categorized, and prioritized will help you work through your Action Centre efficiently.

Anatomy of a Finding

Every finding in Guardian Pro contains the following information:

Identification

  • Finding ID -- A unique identifier for this specific finding instance.
  • Check ID -- The identifier of the automated check that generated this finding. Multiple resources can produce findings with the same check ID if they all have the same issue.
  • Title -- A concise summary of the issue (for example, "S3 Bucket Public Access Not Blocked").

Context

  • Description -- A detailed explanation of what was found, why it matters, and what the potential risk or impact is.
  • Affected Resource -- The specific AWS resource (identified by name, ID, and ARN) where the issue was detected.
  • Region -- The AWS region where the resource resides.
  • Service -- The AWS service category (EC2, S3, RDS, IAM, etc.).
  • Account -- The AWS account containing the resource.

Classification

  • Severity -- One of Critical, High, Medium, or Low, reflecting the potential impact of the issue. See Severity Levels.
  • Category -- The check category the finding belongs to: Security, Cost Optimization, Operational Excellence, or Architecture. See Check Categories.

Remediation

  • Remediation Available -- Whether Guardian Pro can automatically fix this issue.
  • Remediation Steps -- Step-by-step instructions describing what the automated fix will do, or manual instructions if automated remediation is not available.
  • Impact Summary -- What will change if the remediation is applied.
  • Rollback Available -- Whether the remediation can be reversed. See Rollback.

Metadata

  • First Detected -- When Guardian Pro first identified this issue.
  • Last Evaluated -- When the check was most recently run against this resource.
  • Risk Level -- An assessment of the blast radius and reversibility of remediation (Low, Medium, High).

Severity Levels

Guardian Pro classifies every finding into one of four severity levels. Severity is determined by the potential impact of the issue on your security, availability, or cost efficiency.

Critical

Findings that represent an immediate and severe risk to your environment. These typically involve:

  • Publicly accessible resources containing sensitive data
  • Missing encryption on critical data stores
  • Root account security gaps
  • Overly permissive IAM policies granting broad access

Danger: Critical findings should be investigated and addressed as soon as possible. They often represent configurations that could lead to data breaches, unauthorized access, or significant financial exposure.

High

Findings that represent a significant risk requiring prompt attention. Examples include:

  • Security groups with overly broad ingress rules
  • Unencrypted data at rest or in transit
  • Missing multi-factor authentication
  • Resources without backup configurations

Medium

Findings that represent moderate risk or deviations from best practices. These are important to address but typically do not represent an immediate threat. Examples include:

  • Missing tags for cost allocation
  • CloudWatch alarms not configured for key metrics
  • Older generation instance types that could be upgraded
  • Logging not enabled for certain services

Low

Findings that represent minor improvements or optimization opportunities. These are informational and can be addressed opportunistically. Examples include:

  • Resources using previous-generation configurations where newer options exist
  • Minor tagging inconsistencies
  • Informational recommendations for operational improvements

Check Categories

Findings are organized into categories that reflect the nature of the issue:

  • Security -- Misconfigurations that could lead to unauthorized access, data exposure, or vulnerability exploitation. Examples: public S3 buckets, open security groups, missing encryption.
  • Cost Optimization -- Opportunities to reduce AWS spending without impacting functionality. Examples: idle resources, oversized instances, unattached volumes.
  • Operational Excellence -- Gaps in monitoring, logging, backup, and operational hygiene. Examples: missing CloudTrail, no CloudWatch alarms, no backups.
  • Architecture -- Structural risks in your infrastructure topology. Examples: single points of failure, AZ concentration, missing redundancy.

Info: A single resource can have multiple findings across different categories. For example, an RDS instance might have a security finding (unencrypted) and a cost finding (oversized) simultaneously.

Finding Statuses

Every finding has a status that tracks its lifecycle from detection to resolution:

  • Active -- The finding is open and requires attention. It contributes to your health score deductions.
  • Remediating -- An automated remediation is currently being applied. The finding is in transition.
  • Remediated -- The issue has been successfully resolved. The finding no longer affects your health score.
  • Rolling Back -- A previously applied remediation is being reversed.
  • Rolled Back -- The remediation was reversed. The finding returns to an active state.
  • Rollback Failed -- The rollback attempt did not succeed. Manual investigation is recommended.
  • Suppressed -- The finding has been intentionally hidden. It does not affect the health score and is excluded from default views. Use this for accepted risks.
  • Acknowledged -- The finding has been reviewed and accepted. It does not affect the health score but remains visible in the Action Centre.

Status Transitions

Active → Remediating → Remediated
Remediated → Rolling Back → Rolled Back (returns to Active)
Remediated → Rolling Back → Rollback Failed
Active → Suppressed
Active → Acknowledged

Findings can only be suppressed or acknowledged from the Active state. Remediated findings cannot be suppressed (there is nothing to suppress).
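The lifecycle above as a small state machine, added here as an example and not Guardian Pro's own code: the transition table is transcribed from the Status Transitions list and the health-score flag from the status descriptions on this page. The function names are illustrative. It rejects moves the page does not list, such as suppressing a Remediated finding, and shows that Rolled Back leads straight back to Active.

```python
"""Model of the finding lifecycle described on this page. Added example, not
Guardian Pro's code; the transition table below is transcribed from the page."""

ACTIVE, REMEDIATING, REMEDIATED = "Active", "Remediating", "Remediated"
ROLLING_BACK, ROLLED_BACK, ROLLBACK_FAILED = "Rolling Back", "Rolled Back", "Rollback Failed"
SUPPRESSED, ACKNOWLEDGED = "Suppressed", "Acknowledged"

# Allowed transitions. Anything not listed here is rejected.
TRANSITIONS = {
    ACTIVE: {REMEDIATING, SUPPRESSED, ACKNOWLEDGED},
    REMEDIATING: {REMEDIATED},
    REMEDIATED: {ROLLING_BACK},            # rollback only applies to an applied remediation
    ROLLING_BACK: {ROLLED_BACK, ROLLBACK_FAILED},
    ROLLED_BACK: {ACTIVE},                 # "the finding returns to an active state"
    ROLLBACK_FAILED: set(),                # manual investigation; no automatic move listed
    SUPPRESSED: set(),                     # the page lists no transition out of these two
    ACKNOWLEDGED: set(),
}

# Only Active findings contribute to health-score deductions.
DEDUCTING_STATUSES = {ACTIVE}


class IllegalTransition(ValueError):
    """Raised when a status change is not in the transition table."""


def is_allowed(status: str, new_status: str) -> bool:
    """True if the page lists status -> new_status as a valid move."""
    return new_status in TRANSITIONS.get(status, set())


def transition(status: str, new_status: str) -> str:
    """Return the new status, or raise if the move is not permitted."""
    if not is_allowed(status, new_status):
        raise IllegalTransition(f"{status!r} -> {new_status!r} is not a valid transition")
    return new_status


def apply_path(start: str, steps: list) -> str:
    """Apply a sequence of status changes, stopping at the first illegal one."""
    status = start
    for nxt in steps:
        status = transition(status, nxt)
    return status


def affects_health_score(status: str) -> bool:
    """Whether a finding in this status still deducts from the health score."""
    return status in DEDUCTING_STATUSES


def count_deducting(statuses: list) -> int:
    """Number of findings, given their statuses, that still deduct from the score."""
    return sum(1 for s in statuses if affects_health_score(s))


if __name__ == "__main__":
    # Full remediate-then-rollback cycle ends back at Active.
    print(apply_path(ACTIVE, [REMEDIATING, REMEDIATED, ROLLING_BACK, ROLLED_BACK, ACTIVE]))
    # Suppression is only possible from Active; this is rejected.
    try:
        apply_path(ACTIVE, [REMEDIATING, REMEDIATED, SUPPRESSED])
    except IllegalTransition as exc:
        print("rejected:", exc)
```

Because the table is the single source of truth, adding a status the page later documents means adding one entry rather than touching every caller.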

How Findings Are Generated

Guardian Pro generates findings through its automated scanning pipeline:

  1. Resource Discovery -- Guardian Pro inventories your AWS resources across all enabled regions.
  2. Check Evaluation -- Hundreds of automated checks are evaluated against each discovered resource. Each check tests a specific configuration or best practice.
  3. Finding Creation -- When a check fails for a resource, a finding is created with the appropriate severity, category, and remediation guidance.
  4. Deduplication -- Each finding is uniquely identified by the combination of resource and check. If the same issue is found again in a subsequent scan, the existing finding is updated rather than duplicated.
  5. Auto-Resolution -- If a previously failing check now passes (because the underlying issue was fixed outside of Guardian Pro or through remediation), the finding is automatically marked as resolved.

Note: Findings are deterministic. The same resource with the same configuration will always produce the same finding with the same finding ID. This ensures consistency across scans and prevents duplicate entries.
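Pipeline steps 3 to 5 and the determinism note, as an added Python example that is not Guardian Pro's own code: the finding ID is derived here as a SHA-256 over account, region, check ID and resource ARN, so a repeat failure of the same check on the same resource maps onto the existing finding and a later pass resolves it. That derivation, the check IDs, the account number and the scan results are all constructed for illustration; the page only states that IDs are deterministic per resource and check. The model also reopens a Remediated finding whose check fails again, which the page does not specify.

```python
"""Model of pipeline steps 3-5 (finding creation, deduplication, auto-resolution).
Added example, not Guardian Pro's code. Assumptions: the ID derivation below,
the check IDs, the account number and the scan results are all constructed."""
from dataclasses import dataclass
import hashlib


@dataclass
class Finding:
    finding_id: str
    check_id: str
    resource_arn: str
    status: str          # "Active" or "Remediated", as on this page
    first_detected: int  # scan number, a stand-in for a timestamp
    last_evaluated: int


def finding_id(account: str, region: str, check_id: str, resource_arn: str) -> str:
    """Deterministic ID: the same account/region/check/resource always hashes to
    the same value, so a repeat failure maps onto the existing finding.
    The unit-separator byte cannot occur in an ARN or check ID, so distinct
    tuples cannot collide through concatenation."""
    key = "\x1f".join((account, region, check_id, resource_arn))
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def apply_scan(store: dict, account: str, region: str, scan_no: int, results: list) -> dict:
    """results: (check_id, resource_arn, passed) for every check evaluated in this scan.
    Mutates and returns store, a dict keyed by finding ID."""
    for check_id, arn, passed in results:
        fid = finding_id(account, region, check_id, arn)
        existing = store.get(fid)
        if not passed:
            if existing is None:
                # Step 3: first failure creates a new Active finding.
                store[fid] = Finding(fid, check_id, arn, "Active", scan_no, scan_no)
            else:
                # Step 4: same resource + same check fails again -> update, never duplicate.
                existing.last_evaluated = scan_no
                if existing.status == "Remediated":
                    # Assumption (not on the page): a regressed fix reopens the same finding.
                    existing.status = "Active"
        elif existing is not None and existing.status == "Active":
            # Step 5: a previously failing check now passes -> auto-resolved.
            existing.status = "Remediated"
            existing.last_evaluated = scan_no
    return store


# Constructed sample data: hypothetical check IDs, the standard example account number.
ACCOUNT, REGION = "123456789012", "eu-west-1"
PAB, SSE = "s3-public-access-block", "s3-default-encryption"
LOGS, ASSETS = "arn:aws:s3:::prod-logs", "arn:aws:s3:::prod-assets"
SCAN_1 = [(PAB, LOGS, False), (PAB, ASSETS, False), (SSE, LOGS, True)]
SCAN_2 = [(PAB, LOGS, False), (PAB, ASSETS, True), (SSE, LOGS, True)]  # ASSETS fixed outside the tool


def demo() -> dict:
    """Two consecutive scans: two findings are created, one is later auto-resolved."""
    store = {}
    apply_scan(store, ACCOUNT, REGION, 1, SCAN_1)
    return apply_scan(store, ACCOUNT, REGION, 2, SCAN_2)


if __name__ == "__main__":
    for f in demo().values():
        print(f.finding_id, f.check_id, f.resource_arn, f.status,
              f"first={f.first_detected} last={f.last_evaluated}")
```

Running it shows both buckets get distinct IDs under the same check ID, the still-failing bucket keeps its original First Detected while Last Evaluated advances, and the bucket fixed outside the tool is auto-resolved without anyone touching the finding.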

Finding Details Drawer

Clicking on any finding in the Action Centre opens the Finding Details Drawer, a side panel that provides the complete context for that finding:

  • Full description and risk explanation
  • Affected resource details with direct links to the AWS Console
  • Remediation steps (automated and manual)
  • Related findings on the same resource
  • Finding history (when first detected, scan history)
  • Compliance mapping (which framework controls this finding relates to)

Next Steps