Expel severity

Product

Critical

High

Medium

Low

Not reviewed

VMware Carbon Black Endpoint Standard

Alerts involving known malicious tools[a]

Severity 5 or greater and unmitigated virus detections

Severity less than 5

Cb Response

Alerts involving known malicious tools

Dependent on Expel rule matches.[b]

Dependent on Expel rule matches.

Dependent on Expel rule matches.

Dependent on Expel rule matches.

VMware Carbon Black Cloud Enterprise EDR

Alerts involving known malicious tools

Severity 5 or greater

Severity less than 5

Cisco AMP

Alerts involving known malicious tools

Non-generic malware detections

Generic malware detections

CrowdStrike Falcon

Alerts involving known malicious tools

Severities Medium, High, and Critical

Severities Low and Informational

CrowdStrike Falcon OverWatch

All alerts

Endgame

Alerts involving known malicious tools

Severities Medium and High

Severity Low

Trellix HX

Alerts involving known malicious tools

Alerts in certain categories[c]

All alerts

SentinelOne

Alerts involving known malicious tools

Alerts categorized as “Hacktool”

All non-mitigated threats

Mitigated threats and vulnerability scan results

Symantec Endpoint Protection

Alerts involving known malicious tools

Severities Major, Critical, and Fatal

Severities Warning, Minor, and Informational

Tanium

Alerts involving known malicious tools

All alerts

Windows Defender ATP

Alerts involving known malicious tools

High severity alerts and Hacktool alerts

Medium severity alerts

Low and Informational severity alerts

Unwanted software[d]

Mitigated threats

[a] Examples include Mimikatz, PowerShell Empire, and Cobalt Strike.

[b] Expel consumes all events generated by the Expel threat feeds and all other enabled threat feeds. It applies rules based on the MITRE framework. Expel is making these rules transparent to customers.

[c] Methodology, backdoor, trojan, credential stealer, malware family, process dumping, exploit activity.

[d] Expel investigates or notifies on unwanted software only by request.