What is the difference between an RDS incident and detection?

With RDS, we classify two types of severity:

  • Incidents are suspected breaches, which can consist of a single high-severity detection or several medium- or low-severity detections.
  • Detections can be high, medium, or low severity.

The Rapid Detection and Response Service uses the data, as well as our human expertise, to respond in a way appropriate to the severity. For example, we report on all detections in the portal and send our customers an email notification.

If a detection is elevated to an incident, we notify our customers by phone and provide them with the event data from the portal.
