Security Operations Tools
Security Incident Severity Classifier
Answer questions about exfiltration, privilege compromise, and lateral movement to classify incident severity and get the response SLA.
No data is transmitted — everything runs locally
About this tool
The Security Incident Severity Classifier determines SEV1-SEV4 classification from breach indicators with response SLA, escalation path, and notification requirements.
• Classify incident severity during initial triage to determine escalation
• Determine the response SLA tier before activating the incident response plan
• Assess whether CISO notification is required based on severity classification
• Document severity rationale for post-incident review
FAQ
What does this tool tell you?
The Security Incident Severity Classifier determines SEV1-SEV4 classification from breach indicators with response SLA, escalation path, and notification requirements.
What affects the result most?
Severity tiers:
• SEV1: active breach, data loss
• SEV2: imminent threat, containment needed
• SEV3: suspicious activity, investigation
• SEV4: low-risk anomaly
Classification factors: data type, user accounts affected, system criticality, persistence, lateral movement.
P1 triggers: confirmed exfiltration, ransomware execution, privileged account compromise.
How should I use the result?
Treat the tool's output as a first-pass check, not a proof of correctness. A clean pass means no issues in the patterns this tool recognizes; a failure points to a specific problem you can investigate in your source. The underlying spec is the authoritative source for edge cases.