Health Score
The Guardian Pro health score is a single number from 0 to 100 that represents the overall health of your AWS infrastructure. It provides an at-a-glance assessment of your security posture, enabling you to quickly understand whether your environment needs attention.
How the Score Works
The health score is calculated using a weighted model that factors in the number, severity, and type of active findings in your environment. The key principle is simple: fewer and less severe findings result in a higher score.
Scoring Factors
The following factors influence your health score:
| Factor | Impact |
|---|---|
| Critical findings | Highest negative impact. Even a small number of critical findings significantly lowers the score. |
| High findings | Substantial negative impact. These findings carry considerable weight in the calculation. |
| Medium findings | Moderate negative impact. A handful of medium findings will have a noticeable but manageable effect. |
| Low findings | Minimal negative impact. These contribute to a lower score but are unlikely to drop it significantly on their own. |
| Finding categories | Findings spanning multiple categories (security, cost, architecture) indicate broader issues and contribute to a lower score. |
The scoring model uses a diminishing-returns approach. The first few critical findings cause a steep drop, but the score does not simply fall to zero with a large volume of findings. This means the score remains useful as a directional indicator even in environments with many open items.
Score Ranges
| Range | Status | Meaning |
|---|---|---|
| 90 -- 100 | Excellent | Your environment follows best practices with minimal open findings. |
| 70 -- 89 | Good | Your environment is in solid shape with some findings that should be addressed. |
| 50 -- 69 | Needs Attention | There are notable security or operational gaps that warrant prompt action. |
| Below 50 | At Risk | Critical or widespread issues require immediate remediation. |
What the Score Does Not Include
The health score focuses on findings from Guardian Pro's automated checks. It does not directly factor in:
- AWS-native alerts or CloudWatch alarms
- Third-party tool findings
- Manual assessments or notes
However, since Guardian Pro's checks cover a broad surface area across dozens of AWS services, the health score provides a comprehensive reflection of your infrastructure's configuration state.
How the Score Updates
The health score recalculates automatically after every scan. As findings are remediated, acknowledged, or suppressed, the score adjusts accordingly. You can expect to see score changes:
- After a scan completes -- New findings may lower the score; resolved findings may raise it.
- After a remediation -- Successfully remediating a finding removes it from the calculation, improving the score.
- After acknowledging or suppressing -- Acknowledged and suppressed findings are excluded from the health score, as they represent accepted risk.
Suppressing findings removes them from the health score calculation, but it does not address the underlying issue. Use suppression only for findings you have consciously accepted as known risk. See Bulk Actions for more on acknowledging and suppressing findings.
Improving Your Health Score
The most effective way to improve your health score is to resolve findings, starting with the highest severity items.
Prioritization Strategy
- Resolve critical findings first. These have the largest per-finding impact on the score. Even remediating one or two critical findings can produce a visible improvement.
- Address high-severity findings next. These carry significant weight and are often straightforward to fix.
- Work through medium findings during regular maintenance. These improve the score incrementally and often represent best-practice hardening.
- Handle low findings opportunistically. While individually minor, resolving a batch of low findings can provide a modest boost.
Quick Wins
Guardian Pro identifies Quick Win findings -- issues that can be resolved with minimal effort and risk. These are an excellent starting point when you want to improve the score efficiently. You can find these in the Action Centre by selecting the Quick Wins lens.
Automated Remediation
Many findings can be resolved automatically using Guardian Pro's one-click remediation. This is the fastest path to a higher score. Guardian Pro previews every change before applying it, so you can verify the fix before confirming.
Score History
Guardian Pro tracks your health score over time. The dashboard displays a trend indicator showing whether your score is improving, declining, or stable compared to the previous period. For detailed historical data, visit the Metrics section of the dashboard.
Score history is useful for:
- Demonstrating progress to leadership or stakeholders.
- Identifying regressions when the score drops after infrastructure changes.
- Tracking the impact of security initiatives or remediation sprints.
Per-Account vs. Aggregated Score
In multi-account environments, the dashboard displays an aggregated health score across all connected accounts by default. You can view the score for a specific account by selecting it from the account switcher.
Each account's score is calculated independently based on its own findings. The aggregated score reflects the combined health of your entire AWS Organization.
Frequently Asked Questions
Why did my score drop after a scan?
A new scan may discover resources or configurations that were not previously scanned, resulting in new findings. This is normal behavior, especially after:
- Adding new AWS accounts to Guardian Pro
- Enabling scanning in additional regions
- Infrastructure changes that introduce new resources
Can I reach a score of 100?
Yes. A score of 100 means there are no active findings in your environment. This is achievable for well-maintained environments, particularly in smaller accounts with focused workloads.
Does the score account for exempted or suppressed findings?
Suppressed and acknowledged findings are excluded from the health score calculation. This allows you to accept known risks without permanently depressing your score.
Next Steps
- Running Scans -- Trigger a scan to refresh your health score.
- Action Centre -- View and act on findings that affect your score.
- Remediation -- Fix findings to improve your score.