Expel processes 2 types of data from security technologies we integrate with: alerts and events. Alerts are security events generated by a security technology based on events it observed. Events are atomic elements like log messages. Expel uses 2 combined approaches for mapping alerts to our alert severity of Critical, High, Medium or Low:
- Categorization by alert fidelity and impact
- Categorization by security product fidelity