Security Operations Tools

Security Incident Severity Classifier

Answer questions about exfiltration, privilege compromise, and lateral movement to classify incident severity and get response SLA.

Calculations run locally in your browser

Security Incident Severity Classifier

The Security Incident Severity Classifier determines SEV1-SEV4 classification from breach indicators with response SLA, escalation path, and notification requirements.

• Classify incident severity during initial triage to determine escalation

• Determine response SLA tier before activating incident response plan

• Assess whether CISO notification is required based on severity classification

• Document severity rationale for post-incident review

What does this tool tell you?
A severity tier from SEV-1 to SEV-4 (or "No incident"), derived from four breach indicators that you mark as confirmed, suspected, or no, together with the response SLA, escalation path, and notification requirements attached to that tier.
What affects the result most?
• Severity tiers: SEV-1 (active breach, data loss), SEV-2 (imminent threat, containment needed), SEV-3 (suspicious activity, investigation), SEV-4 (low-risk anomaly). When every assessed factor is No, the result is "No incident".

• Classification factors and weights: data exfiltration 4, privileged compromise 3, lateral movement 2, ransomware 4. Each factor is scaled by its status: confirmed ×1.0, suspected ×0.5, no ×0. The maximum score is 13; with every factor only suspected the score is 6.5, so suspected-only cases never reach SEV-1.

• SEV-1 triggers (any one is sufficient): weighted score ≥ 7, confirmed exfiltration together with confirmed privileged compromise, or confirmed ransomware.

• Response SLAs (Atlassian-style severity matrices, given as response target / resolution target): SEV-1 <15m / <4h, SEV-2 <30m / <24h, SEV-3 <4h / <7d, SEV-4 best-effort / <30d.
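The scoring rules above, written out as an added Python example (this is not the page's own tool code). Weights, status multipliers, the SEV-1 triggers, the SLA values and the "No incident" rule follow the page text; the factor names, the `classify` function and the SEV-2/SEV-3 score cut-offs (4.0 and 2.0) are assumptions, because the page does not publish the boundaries below SEV-1.

```python
"""Incident severity scoring following the rules described on this page.

Added example, not the page's own code. Weights, multipliers, SEV-1 triggers,
SLA values and the "No incident" rule are taken from the page text; the
SEV-2/SEV-3 score cut-offs and the factor names are assumptions.
"""
from dataclasses import dataclass, field
from typing import Optional

# Factor weights from the page: exfiltration 4, privileged compromise 3,
# lateral movement 2, ransomware 4 (max 13). Factor names are assumed.
WEIGHTS = {
    "exfiltration": 4,
    "privileged_compromise": 3,
    "lateral_movement": 2,
    "ransomware": 4,
}
STATUS_MULTIPLIER = {"confirmed": 1.0, "suspected": 0.5, "no": 0.0}
MAX_SCORE = sum(WEIGHTS.values())  # 13
SEV1_SCORE = 7.0

# Assumed cut-offs for the tiers below SEV-1; the page does not state them.
SEV2_MIN = 4.0
SEV3_MIN = 2.0

# Response SLA per tier as (response target, resolution target), from the page.
SLA = {
    "SEV-1": ("<15m", "<4h"),
    "SEV-2": ("<30m", "<24h"),
    "SEV-3": ("<4h", "<7d"),
    "SEV-4": ("best-effort", "<30d"),
}


@dataclass
class Classification:
    severity: str
    score: float
    reasons: list = field(default_factory=list)  # rationale for the post-incident record
    sla: Optional[tuple] = None


def weighted_score(status: dict) -> float:
    """Sum of weight x status multiplier over the four factors."""
    return sum(WEIGHTS[f] * STATUS_MULTIPLIER[status[f]] for f in WEIGHTS)


def classify(indicators: dict) -> Classification:
    """Map {factor: "confirmed" | "suspected" | "no"} to a severity tier.

    Factors omitted from the input are treated as "no".
    """
    unknown = set(indicators) - set(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown factor(s): {sorted(unknown)}")
    status = {f: indicators.get(f, "no") for f in WEIGHTS}
    bad = [f for f, s in status.items() if s not in STATUS_MULTIPLIER]
    if bad:
        raise ValueError(f"status must be confirmed/suspected/no: {bad}")

    score = weighted_score(status)
    if all(s == "no" for s in status.values()):
        return Classification("No incident", score, ["all assessed factors are No"])

    # SEV-1 triggers from the page; any one suffices.
    reasons = []
    if status["ransomware"] == "confirmed":
        reasons.append("confirmed ransomware")
    if status["exfiltration"] == "confirmed" and status["privileged_compromise"] == "confirmed":
        reasons.append("confirmed exfiltration with confirmed privileged compromise")
    if score >= SEV1_SCORE:
        reasons.append(f"weighted score {score:g} >= {SEV1_SCORE:g}")
    # Suspected-only inputs never reach SEV-1. Arithmetically this already holds
    # (all four suspected scores 6.5), but enforce it explicitly so a later
    # change to the weights cannot silently break the rule.
    if reasons and all(s != "confirmed" for s in status.values()):
        reasons = []

    if reasons:
        severity = "SEV-1"
    elif score >= SEV2_MIN:
        severity, reasons = "SEV-2", [f"score {score:g} in [{SEV2_MIN:g}, {SEV1_SCORE:g}) with no SEV-1 trigger"]
    elif score >= SEV3_MIN:
        severity, reasons = "SEV-3", [f"score {score:g} in [{SEV3_MIN:g}, {SEV2_MIN:g})"]
    else:
        severity, reasons = "SEV-4", [f"score {score:g} below {SEV3_MIN:g}"]
    return Classification(severity, score, reasons, SLA[severity])


if __name__ == "__main__":
    # Constructed triage answers, not real incidents.
    cases = {
        "all suspected": {f: "suspected" for f in WEIGHTS},
        "ransomware confirmed": {"ransomware": "confirmed"},
        "exfil+priv confirmed": {"exfiltration": "confirmed", "privileged_compromise": "confirmed"},
        "lateral suspected": {"lateral_movement": "suspected"},
        "nothing": {},
    }
    for name, answers in cases.items():
        c = classify(answers)
        print(f"{name:22} {c.severity:12} score={c.score:<4g} sla={c.sla} because {'; '.join(c.reasons)}")
```

The `reasons` list is what you would paste into the incident record to document the severity rationale; re-running `classify` as a suspected factor becomes confirmed shows how a case moves between tiers (all four suspected is 6.5 and stays below SEV-1, while confirming exfiltration alone on top of that pushes the score past 7).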
How should I use the result?
Treat the classification as a first-pass triage decision, not a verdict. The tool only sees the four indicators you answer, so a low tier means the answers you gave did not trip a higher trigger, not that nothing else is wrong. Re-run it as evidence changes: a suspected factor becoming confirmed can move an incident from SEV-2 to SEV-1 and shorten the response SLA accordingly. Your organization's incident response plan remains authoritative for escalation and notification.