Expel severity

Columns of the original table: Product | Critical | High | Medium | Low | Not reviewed. Each product's entries are listed below in the order they appear in the table, from the highest Expel severity down.

**Cisco Secure Endpoint (formerly Cisco AMP)**
- Alerts involving known malicious tools
- Non-generic malware detections
- Generic malware detections

**CrowdStrike Falcon**
- Alerts involving known malicious tools
- Severities Medium, High, and Critical
- Severities Low and Informational

**CrowdStrike Falcon OverWatch**
- All alerts

**Elastic Security**
- Alerts involving known malicious tools
- Severities Medium and High
- Severity Low

**SentinelOne**
- Alerts involving known malicious tools
- Alerts categorized as “Hacktool”
- All non-mitigated threats
- Mitigated threats and vulnerability scan results

**Symantec Endpoint Protection**
- Alerts involving known malicious tools
- Severities Major, Critical, and Fatal
- Severities Warning, Minor, and Informational

**Tanium XEM Core**
- Alerts involving known malicious tools
- All alerts

**Trellix Endpoint Security (HX) (formerly FireEye HX)**
- Alerts involving known malicious tools
- Alerts in certain categories[a]
- All alerts

**VMware Carbon Black EDR (formerly CB Response)**
- Alerts involving known malicious tools
- Dependent on Expel rule matches.[b]
- Dependent on Expel rule matches.
- Dependent on Expel rule matches.
- Dependent on Expel rule matches.

**VMware Carbon Black Cloud (formerly CB ThreatHunter and CB Defense)**
- Alerts involving known malicious tools
- Severity 5 or greater
- Severity less than 5

**Windows Defender ATP**
- Alerts involving known malicious tools
- High severity alerts and Hacktool alerts
- Medium severity alerts
- Low and Informational severity alerts; Unwanted software[c]
- Mitigated threats

[a] Methodology, backdoor, trojan, credential stealer, malware family, process dumping, exploit activity.
[b] Expel consumes all events generated by the Expel threat feeds and all other enabled threat feeds. It applies rules based on the MITRE framework. Expel makes these rules transparent to customers.
[c] Expel investigates or notifies on unwanted software only by request.