Understanding Alerts & Severity
Learn how CastellanAI classifies and prioritizes security threats.
Severity Levels Explained
CastellanAI uses AI to analyze security events and assign severity levels based on multiple factors including threat indicators, MITRE ATT&CK tactics, affected systems, and historical patterns.
Critical (Red)
Immediate action required. Active threats that could cause significant damage to your organization.
| Examples | Response Time |
|---|---|
| Confirmed malware execution | 0-15 minutes |
| Active ransomware detected | |
| Data exfiltration in progress | |
| Privilege escalation to domain admin | |
High (Orange)
Suspicious activity requiring prompt investigation. Potential threats that warrant immediate attention.
| Examples | Response Time |
|---|---|
| Multiple failed authentication attempts | Within 1 hour |
| Suspicious PowerShell execution | |
| Unusual network connections | |
| Lateral movement detected | |
Medium (Yellow)
Notable events that should be reviewed but don't require immediate action.
| Examples | Response Time |
|---|---|
| Policy violations | Within 4 hours |
| Non-standard software installations | |
| Configuration changes | |
| Minor security audit failures | |
Low (Blue)
Informational events for security awareness. Review during routine analysis.
| Examples | Response Time |
|---|---|
| Successful authentication events | During scheduled review |
| Normal system updates | |
| Routine administrative actions | |
| Standard security scans | |
How Severity is Determined
CastellanAI's AI engine analyzes multiple factors to assign severity:
Event Characteristics
- Event type & category
- MITRE ATT&CK tactics mapped
- Known threat indicators
Context & Impact
- Affected system criticality
- User privilege level
- Correlation with other events
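As an added illustration (this is example code, not CastellanAI's engine or any code from the product), the following Python model scores an event from the two factor families listed above, maps the score to the four severity levels and the response windows documented in the tables, and orders a queue of events for triage. The weights, thresholds, field names and sample events are constructed assumptions for this example only.

```python
"""Illustrative severity-scoring model (added example, not CastellanAI's engine).

Scores an event from the factor families the page lists: event characteristics
(type/category, mapped MITRE ATT&CK tactics, known threat indicators) and
context/impact (affected system criticality, user privilege level, correlation
with other events). The score is then mapped to the four documented severity
levels and their response windows.
"""
from dataclasses import dataclass, field

# Response windows exactly as documented on the page.
RESPONSE_WINDOW = {
    "Critical": "0-15 minutes",
    "High": "Within 1 hour",
    "Medium": "Within 4 hours",
    "Low": "During scheduled review",
}

# Assumed weights, constructed for this example (not product values).
TACTIC_WEIGHT = {
    "impact": 40, "exfiltration": 40, "privilege-escalation": 30,
    "lateral-movement": 25, "credential-access": 20, "execution": 15,
    "persistence": 15, "defense-evasion": 15, "discovery": 10,
}
CRITICALITY_WEIGHT = {"domain-controller": 30, "server": 15, "workstation": 5}
PRIVILEGE_WEIGHT = {"domain-admin": 25, "local-admin": 10, "standard": 0}
IOC_WEIGHT = 30                     # event matches a known threat indicator
CORRELATION_WEIGHT, CORRELATION_CAP = 8, 5   # per related event, saturating


@dataclass
class Event:
    """Hypothetical normalized event; field names are assumptions."""
    event_type: str
    tactics: list[str] = field(default_factory=list)   # MITRE ATT&CK tactics mapped
    known_ioc: bool = False
    system_criticality: str = "workstation"
    user_privilege: str = "standard"
    correlated_events: int = 0


def score_event(e: Event) -> int:
    """Combine event characteristics and context into a single risk score."""
    tactic_scores = sorted((TACTIC_WEIGHT.get(t, 0) for t in e.tactics), reverse=True)
    # Event characteristics: strongest tactic counts fully, extra tactics add a little.
    score = tactic_scores[0] if tactic_scores else 0
    score += 5 * max(len(tactic_scores) - 1, 0)
    if e.known_ioc:
        score += IOC_WEIGHT
    # Context & impact: where it happened, who did it, and what else is going on.
    score += CRITICALITY_WEIGHT.get(e.system_criticality, 0)
    score += PRIVILEGE_WEIGHT.get(e.user_privilege, 0)
    score += CORRELATION_WEIGHT * min(e.correlated_events, CORRELATION_CAP)
    return score


def severity_for(score: int) -> str:
    """Map a score to one of the four documented levels (thresholds assumed)."""
    if score >= 80:
        return "Critical"
    if score >= 50:
        return "High"
    if score >= 25:
        return "Medium"
    return "Low"


def triage(e: Event) -> dict:
    """Return the severity decision an analyst would see for one event."""
    score = score_event(e)
    level = severity_for(score)
    return {"event": e.event_type, "score": score,
            "severity": level, "response_window": RESPONSE_WINDOW[level]}


def prioritize(events: list[Event]) -> list[dict]:
    """Order the queue so the most severe events are handled first."""
    return sorted((triage(e) for e in events), key=lambda t: t["score"], reverse=True)


# Constructed sample events, loosely modelled on the page's example rows.
SAMPLE_EVENTS = [
    Event("Successful authentication"),
    Event("Configuration change", system_criticality="server", user_privilege="local-admin"),
    Event("Multiple failed authentication attempts", tactics=["credential-access"],
          system_criticality="server", correlated_events=4),
    Event("Confirmed malware execution", tactics=["execution", "defense-evasion"],
          known_ioc=True, system_criticality="server", user_privilege="local-admin",
          correlated_events=3),
    Event("Privilege escalation to domain admin", tactics=["privilege-escalation"],
          system_criticality="domain-controller", user_privilege="domain-admin",
          correlated_events=1),
]

if __name__ == "__main__":
    for t in prioritize(SAMPLE_EVENTS):
        print(f"{t['severity']:<8} {t['score']:>3}  {t['response_window']:<24} {t['event']}")
```

The point of the model is that the same event type can land at different levels: a configuration change by a local admin on a server scores Medium, while the identical change on a domain controller by a domain admin would reach High, which is the "context and impact" half of the page's factor list at work.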
What's Next?
- Investigating Events - Learn the systematic approach to investigating security events
- Taking Action - Understand available response actions for different threat types
- Notifications Setup - Configure notifications to get alerted about high-severity events
Master Alert Prioritization
Understanding severity levels helps you prioritize your security operations and respond effectively to threats.