Severity levels of alerts and events

The severity of an alert or event varies based on the condition that triggered it, whether action is required, and how urgently action is required.

Types of severity levels

| Severity level | Description |
| --- | --- |
| Informational | No remedial action is required. For example, when a new device is enrolled or an existing device is unenrolled. |
| Warning | Investigate whether any action is required. For example, malicious applications are detected on the same device within a short span of time. |
| Minor (events only) | Action is required, but the situation is not serious at this time. For example, a license is about to expire. |
| Major | Action is required immediately. For example, a severe threat is detected on a device and it is remediated. |
| Critical (events only) | Action is required immediately because the scope of the problem has increased. Investigate critical alerts or events immediately. For example, the same malware is detected across multiple devices in your environment. |
| Fatal (events) \| Error (alerts) | An error has occurred but it is too late to take any remedial action to address it. For example, a widespread virus outbreak has occurred in your network, which has infected multiple devices that cannot be remediated. |