Subscribe to the Taegis™ XDR Documentation RSS Feed at .

Learn more about RSS readers or RSS browser extensions.

Alert Severity and Confidence


Severity and confidence scores make it easier for you to prioritize alert triage in your environment and address the most pressing alerts first. Find the severity and confidence for an alert in the Alert Details panel.

Alert Severity and Confidence

Alert Severity and Confidence


Threat Score is a new contextually aware priority value assigned to alerts by the patent-pending Taegis™ Prioritization Engine. For more information, see Threat Score.

How are Severity and Confidence Determined?

Each detector collects varying data from your environment to monitor for malicious activity, and uses varying aspects of this data to determine a severity and confidence score.

For example, the DGA Detector is a machine learning model-based detector that computes the probability that a domain is potentially an indicator of malicious activity. Both severity and confidence scores are based on the probability computed by the detector.

Other detectors define both severity and confidence statically, such as the Tactic Graphs™ Detector, which has a static severity and confidence score defined per adversary tactic. Similarly, Secureworks® Taegis™ XDR watchlist detectors use a static severity and confidence score set by the security researchers who created the watchlist.

Third-Party Alerts

Third-party alerts ingested into Secureworks® Taegis™ XDR are interpreted for severity level and confidence differently depending on the originating device. In general, Secureworks® Taegis™ XDR maps the highest two severity levels of third-party alerts to High and Critical severity, unless the activity was blocked; Secureworks® Taegis™ XDR decreases alert severity for blocked activity to Low severity.


On this page: