List of triggers for different severity levels for alerts.

Jvlivemicro 0 Reputation points
2025-08-06T13:55:11.5333333+00:00

Hello, I would like to point out that I can't find full documentation of what determines the severity level for every single alert that is ingested into Microsoft Defender XDR or Sentinel. I would like to know every single trigger for High, Medium and Low severity. I feel like this is definitely something they could include in the SC-200 course and documentation for both Defender XDR and Sentinel.

Microsoft Security | Microsoft Sentinel

1 answer

  1. Clive Watson 7,866 Reputation points MVP Volunteer Moderator
    2025-08-11T10:22:05.4966667+00:00

    Not a full answer, but in Sentinel you can look at the baseline level for each Detection as they are in the GitHub repository https://github.com/Azure/Azure-Sentinel/tree/master/Solutions. There are many hundreds, if not thousands. So at least for these you can see the default level Microsoft provided as guidance.
    However, businesses will override these, or some of these, based on your own adoption/policies.

    Defender XDR custom detections are defined by you, but the others are set by Microsoft.
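    The following is an added example, not code from the question, the answer, or the Azure-Sentinel project. In that repository each analytic rule template is a YAML file whose top-level `severity` key (Informational, Low, Medium or High) is the Microsoft-provided baseline the answer refers to. The script reads a local clone (the clone path is an assumption passed on the command line), keeps only files that carry both a top-level `severity` and a top-level `query` key (so hunting queries, parsers and solution metadata are skipped), flags values outside the four accepted levels as Unknown, and prints a per-rule list plus a count per severity. It uses a small regex reader for top-level keys instead of a YAML library so it runs without extra dependencies; the constructed sample documents embedded in `SAMPLE_RULES` let it run offline.

```python
"""Baseline severity inventory for Microsoft Sentinel analytic rule templates (added example)."""
import re
import sys
from collections import Counter
from pathlib import Path

# Severity values accepted by Sentinel analytic rules.
SEVERITIES = ("Informational", "Low", "Medium", "High")

# Top-level (unindented) `key: value` lines. Indented lines, such as the body of a
# `description: |` or `query: |` block scalar, do not match and are ignored.
_TOP_LEVEL_KEY = re.compile(r"^([A-Za-z][A-Za-z0-9]*):[ \t]*(.*)$", re.MULTILINE)


def top_level_fields(text):
    """Return {key: value} for the top-level scalar keys of one YAML document."""
    fields = {}
    for key, raw in _TOP_LEVEL_KEY.findall(text):
        # Drop a trailing ` # comment` and surrounding quotes.
        fields[key] = raw.split(" #", 1)[0].strip().strip("'\"")
    return fields


def parse_rule(text):
    """Return {'name', 'severity'} for a detection template, or None for any other YAML."""
    fields = top_level_fields(text)
    if "query" not in fields or "severity" not in fields:
        return None  # hunting query, parser or solution metadata, not a detection
    severity = fields["severity"]
    if severity not in SEVERITIES:
        severity = "Unknown"  # surface a bad value rather than silently binning it
    return {"name": fields.get("name", "<unnamed>"), "severity": severity}


def summarise(rules):
    """Count rules per severity, always reporting every level (including Unknown)."""
    counts = Counter(r["severity"] for r in rules)
    return {sev: counts.get(sev, 0) for sev in SEVERITIES + ("Unknown",)}


def load_rules(root):
    """Walk a local Azure-Sentinel clone (path is an assumption) and collect detections."""
    rules = []
    for path in sorted(Path(root).rglob("*.yaml")):
        rule = parse_rule(path.read_text(encoding="utf-8", errors="replace"))
        if rule is not None:
            rule["path"] = str(path)
            rules.append(rule)
    return rules


# Constructed sample documents standing in for repository files (not real rules).
SAMPLE_RULES = {
    "RuleHigh.yaml": """\
id: 00000000-0000-0000-0000-000000000001
name: Constructed rule - repeated failed sign-ins
description: |
  severity: this line sits inside a block scalar and must be ignored
severity: High
kind: Scheduled
query: |
  SigninLogs | where ResultType != 0
""",
    "RuleMedium.yaml": "name: Constructed rule - rare process\nseverity: Medium\nquery: |\n  DeviceProcessEvents\n",
    "RuleLow.yaml": "name: Constructed rule - quoted value\nseverity: \"Low\"\nquery: |\n  AuditLogs\n",
    "HuntingOnly.yaml": "name: Constructed hunting query\nquery: |\n  SecurityEvent\n",
    "RuleBad.yaml": "name: Constructed rule - bad value\nseverity: Critical # not a Sentinel level\nquery: |\n  Syslog\n",
}


def inventory_samples():
    """Parse the constructed samples in definition order, skipping non-detections."""
    return [r for r in (parse_rule(t) for t in SAMPLE_RULES.values()) if r is not None]


def main(argv):
    rules = load_rules(argv[1]) if len(argv) > 1 else inventory_samples()
    for r in rules:
        print(f"{r['severity']:<14} {r['name']}")
    print("\nBaseline severity counts:")
    for sev, n in summarise(rules).items():
        print(f"  {sev:<14} {n}")


if __name__ == "__main__":
    main(sys.argv)
```

    Run it as `python severity_inventory.py /path/to/Azure-Sentinel` against a clone to get the vendor baseline for every template; with no argument it runs over the constructed samples. Comparing that baseline with the severities configured in your workspace is the quickest way to see where the defaults have been overridden, as the answer notes will happen in most environments.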

