Expel severity levels: Critical, High, Medium, Low, Not reviewed

| Product | Criteria, ordered from higher to lower Expel severity |
|---|---|
| Cisco FirePower | Threat score 44 or greater; Threat score less than 44 |
| Cisco Umbrella DNS | Policy category: Command and Control; Policy category: Phishing[a]; All other policy categories |
| Cisco Umbrella Proxy (URL) | Policy category: Malware with MIME type: Application; All other policy categories and/or MIME types |
| Darktrace | Score of 80 or greater; Score less than 80[b] |
| Fastly Next-Gen WAF (formerly Signal Sciences WAF) | All attack Signals; All non-attack Signals |
| Palo Alto Firewall Anti-Virus Module | Malware detections with severities High or Critical; Malware detections with Medium severity; Malware detections with severities Low or Informational |
| Palo Alto Firewall Traffic | Severities High and Critical; Severities Medium, Low, and Informational |
| Palo Alto Firewall URL | URL categories command-and-control, malware, dynamic DNS, and phishing; All other URL categories |
| Palo Alto Firewall Wildfire | Categories malicious and grayware; All other categories |
| SentinelOne Singularity Hologram (formerly Attivo BOTSink) | Severities Very High, High; Severities Medium, Low, and Very Low |
| Verizon Network Detection and Response (formerly ProtectWise) | Severities High and Medium[c]; Severities Low and None |
| Zscaler | Malware and unblocked Adware alert categories; Anonymizer and all other alert categories |

[a] Requires 3 consecutive events to the same destination domain.

[b] If Expel observes multiple Darktrace alerts with a score of 66 or greater from the same host, Expel alerts at severity Low.

[c] Excludes inbound internet scanning from known commodity scanner source IPs.