Refactored severity enum types, based on expected types outputted by WAF

kamalchaturvedi · kamalchaturvedi · commit 76e6ee3f5582 · 2026-02-04T10:25:53.000-08:00
diff --git a/api/grpc/events/v1/security_violation.pb.go b/api/grpc/events/v1/security_violation.pb.go
diff --git a/api/grpc/events/v1/security_violation.proto b/api/grpc/events/v1/security_violation.proto
@@ -139,9 +139,11 @@ enum RequestOutcomeReason {
 
 enum Severity {
     SEVERITY_UNKNOWN = 0;
-    SEVERITY_INFORMATIONAL = 1;
-    SEVERITY_LOW = 2;
-    SEVERITY_MEDIUM = 3;
-    SEVERITY_HIGH = 4;
-    SEVERITY_CRITICAL = 5;
+    SEVERITY_EMERGENCY = 1;
+    SEVERITY_ALERT = 2;
+    SEVERITY_CRITICAL = 3;
+    SEVERITY_ERROR = 4;
+    SEVERITY_WARNING = 5;
+    SEVERITY_NOTICE = 6;
+    SEVERITY_INFORMATIONAL = 7;
 }
diff --git a/docs/proto/protos.md b/docs/proto/protos.md
@@ -272,11 +272,13 @@ ViolationData represents individual violation details
 | Name | Number | Description |
 | ---- | ------ | ----------- |
 | SEVERITY_UNKNOWN | 0 |  |
-| SEVERITY_INFORMATIONAL | 1 |  |
-| SEVERITY_LOW | 2 |  |
-| SEVERITY_MEDIUM | 3 |  |
-| SEVERITY_HIGH | 4 |  |
-| SEVERITY_CRITICAL | 5 |  |
+| SEVERITY_EMERGENCY | 1 |  |
+| SEVERITY_ALERT | 2 |  |
+| SEVERITY_CRITICAL | 3 |  |
+| SEVERITY_ERROR | 4 |  |
+| SEVERITY_WARNING | 5 |  |
+| SEVERITY_NOTICE | 6 |  |
+| SEVERITY_INFORMATIONAL | 7 |  |
 
 
  
diff --git a/internal/collector/securityviolationsprocessor/csv_parser.go b/internal/collector/securityviolationsprocessor/csv_parser.go
@@ -121,16 +121,20 @@ func parseIsTruncated(value string) bool {
 // parseSeverity converts string severity to Severity enum
 func parseSeverity(severity string) events.Severity {
 	switch strings.ToLower(strings.TrimSpace(severity)) {
-	case "informational":
-		return events.Severity_SEVERITY_INFORMATIONAL
-	case "low":
-		return events.Severity_SEVERITY_LOW
-	case "medium":
-		return events.Severity_SEVERITY_MEDIUM
-	case "high":
-		return events.Severity_SEVERITY_HIGH
+	case "emergency":
+		return events.Severity_SEVERITY_EMERGENCY
+	case "alert":
+		return events.Severity_SEVERITY_ALERT
 	case "critical":
 		return events.Severity_SEVERITY_CRITICAL
+	case "error":
+		return events.Severity_SEVERITY_ERROR
+	case "warning":
+		return events.Severity_SEVERITY_WARNING
+	case "notice":
+		return events.Severity_SEVERITY_NOTICE
+	case "informational":
+		return events.Severity_SEVERITY_INFORMATIONAL
 	default:
 		return events.Severity_SEVERITY_UNKNOWN
 	}
