In Deep Discovery Inspector, host severity is the impact on a host as determined from aggregated detections by Trend Micro products and services.
Going beyond event security, the numerical host severity scale exposes the most vulnerable hosts and allows you to prioritize and respond quickly.
Host severity is based on the aggregation and correlation of the severity of the events that affect a host. If several events affect a host and have no detected connection, the host severity will be based on the highest event severity of those events. However, if the events have a detected correlation, the host severity level will increase accordingly.
For example, of five events affecting a host, the highest risk level is moderate. If the events have no correlation, the host severity level will be based on the moderate risk level of that event. However, if the events are correlated, the host severity level will increase based on the detected correlation.
The host severity scale consolidates threat information from multiple detection technologies and simplifies the interpretation of overall severity. You can prioritize your responses based on this information and your related threat response policies.
Category | Level | Description |
---|---|---|
Critical: Host exhibits behavior that definitely indicates host is compromised | 10 | Host shows evidence of compromise including but not limited to the following: |
Critical | 9 | Host exhibits an indication of compromise from APTs including but not limited to the following: |
Critical | 8 | Host may exhibit the following: |
Major: Host is targeted by a known malicious behavior or attack and exhibits behavior that likely indicates host is compromised | 7 | Host may exhibit the following: |
Major | 6 | Host may exhibit the following: |
Major | 5 | Host may exhibit the following: |
Major | 4 | Host may exhibit the following: |
Minor: Host exhibits anomalous or suspicious behavior that may be benign or indicate a threat | 3 | Host may exhibit the following: |
Minor | 2 | Host may exhibit the following: |
Trivial: Host exhibits normal behavior that may be benign or indicate a threat in future identification of malicious activities | 1 | Host may exhibit the following: |