To help you understand our response timelines, we offer a few different metrics. This page explains how we calculate each one.


Time to Detect

The time between when an event is created in your environment and when an Expel Alert is created.

Time to Triage

The time between Expel Alert creation and the first instance of SOC analyst activity on it. (When an Expel Alert appears in our queue, we often do a quick visual triage to determine urgency and prioritization.)

Time to Decision

The time between an Expel Alert arriving in the queue and when the SOC analyst actively makes a decision about what to do with it. They may decide to close it, to create an Investigation, to add it to an existing Investigation, or to immediately flag it as an Incident.

Time to Investigate

The time between when an Investigation is created and when the investigative work ends and it is either closed, assigned to you, or flagged as an Incident.

Time to Acknowledge

The time between when the Expel Alert was created and when an Incident was created. 

Time to Respond

The entire lifecycle of the Investigation, from when the Expel Alert was first created to when the first Remediation Action was recommended.
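
The six definitions above, applied to one alert's timestamps, as an added example that is not Expel's own code. The milestone field names and both sample timelines are constructed for illustration, and Time to Decision assumes an alert arrives in the queue at the moment it is created.

```python
from datetime import datetime, timedelta

# Each metric maps to (start milestone, end milestone), following the definitions above.
# Milestone names are hypothetical field names chosen for this example.
METRICS = {
    "time_to_detect":      ("event_created", "alert_created"),
    "time_to_triage":      ("alert_created", "first_analyst_activity"),
    "time_to_decision":    ("alert_created", "decision_made"),  # assumes queue arrival == alert creation
    "time_to_investigate": ("investigation_created", "investigation_ended"),
    "time_to_acknowledge": ("alert_created", "incident_created"),
    "time_to_respond":     ("alert_created", "first_remediation_recommended"),
}

def compute_metrics(timeline: dict) -> dict:
    """Return {metric: timedelta or None}; None means a milestone was never reached."""
    out = {}
    for name, (start_key, end_key) in METRICS.items():
        start, end = timeline.get(start_key), timeline.get(end_key)
        if start is None or end is None:
            out[name] = None  # e.g. an alert closed without an Investigation
            continue
        delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
        if delta < timedelta(0):
            raise ValueError(f"{name}: {end_key} precedes {start_key}")
        out[name] = delta
    return out

# Constructed sample: an alert that is investigated and flagged as an Incident.
INCIDENT = {
    "event_created":                 "2024-01-10T14:00:00+00:00",
    "alert_created":                 "2024-01-10T14:02:30+00:00",
    "first_analyst_activity":        "2024-01-10T14:04:00+00:00",
    "decision_made":                 "2024-01-10T14:07:30+00:00",
    "investigation_created":         "2024-01-10T14:07:30+00:00",
    "investigation_ended":           "2024-01-10T14:20:30+00:00",
    "incident_created":              "2024-01-10T14:20:30+00:00",
    "first_remediation_recommended": "2024-01-10T14:27:30+00:00",
}
# Constructed sample: the same alert, but closed at the decision step.
CLOSED = {k: INCIDENT[k] for k in
          ("event_created", "alert_created", "first_analyst_activity", "decision_made")}

if __name__ == "__main__":
    for label, timeline in (("incident", INCIDENT), ("closed", CLOSED)):
        print(label, {k: str(v) for k, v in compute_metrics(timeline).items()})
```

Metrics whose start or end milestone never happened come back as `None` rather than zero, so a closed alert does not pull down averages for Time to Investigate, Time to Acknowledge, or Time to Respond.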