Zone

Danger zone (level) of the registered activity (High, Medium, Low).

Severity

Numerical value of the danger level of the registered activity (integer 1–999).

Description

Suspicious activity description. For example, "Executable has obtained the privilege," "The file has been dropped and executed," or "The process has injected binary code into another process." Certain descriptions contain mapping with MITRE ATT&CK™ threat classification. For example, "MITRE: T1082 System Information Discovery."