Expel processes 2 types of data from the security technologies we integrate with: alerts and events. Alerts are security events generated by a security technology based on events it observed. Events are atomic elements like log messages. Expel combines 2 approaches to map alerts to our alert severity levels of Critical, High, Medium or Low:

  • Categorization by alert fidelity and impact

  • Categorization by security product fidelity