**Expel severity** (the five right-hand columns give the Expel severity assigned to each class of vendor alert)

| Product | Critical | High | Medium | Low | Not reviewed |
|---|---|---|---|---|---|
| VMware Carbon Black Endpoint Standard | Alerts involving known malicious tools[a] | Severity 5 or greater and unmitigated virus detections | Severity less than 5 | | |
| Cb Response | Alerts involving known malicious tools | Dependent on Expel rule matches.[b] | Dependent on Expel rule matches. | Dependent on Expel rule matches. | Dependent on Expel rule matches. |
| VMware Carbon Black Cloud Enterprise EDR | Alerts involving known malicious tools | Severity 5 or greater | Severity less than 5 | | |
| Cisco AMP | Alerts involving known malicious tools | Non-generic malware detections | Generic malware detections | | |
| CrowdStrike Falcon | Alerts involving known malicious tools | Severities Medium, High, and Critical | Severities Low and Informational | | |
| CrowdStrike Falcon OverWatch | All alerts | | | | |
| Endgame | Alerts involving known malicious tools | Severities Medium and High | Severity Low | | |
| Trellix HX | Alerts involving known malicious tools | Alerts in certain categories[c] | All alerts | | |
| SentinelOne | Alerts involving known malicious tools | Alerts categorized as “Hacktool” | All non-mitigated threats | | Mitigated threats and vulnerability scan results |
| Symantec Endpoint Protection | Alerts involving known malicious tools | Severities Major, Critical, and Fatal | Severities Warning, Minor, and Informational | | |
| Tanium | Alerts involving known malicious tools | All alerts | | | |
| Windows Defender ATP | Alerts involving known malicious tools | High severity alerts and Hacktool alerts | Medium severity alerts | Low and Informational severity alerts; Unwanted software[d] | Mitigated threats |
[a] Examples include Mimikatz, PowerShell Empire, and Cobalt Strike.

[b] Expel consumes all events generated by the Expel threat feeds and all other enabled threat feeds. It applies rules based on the MITRE framework. Expel is making these rules transparent to customers.

[c] Methodology, backdoor, trojan, credential stealer, malware family, process dumping, exploit activity.

[d] Expel investigates or notifies on unwanted software only by request.
