Incident Levels

The incident levels reflect the criticality of a notification sent to Washington State organizations. Depending on the incident level, the WaTech SOC will escalate communication at the organization if a response to a notification hasn’t been received within a set amount of time.
No action is usually required
Example: An interesting or unusual item was blocked, but the user needs to be aware of it.
Further Investigation is usually required
Example: A possible intrusion was discovered, but no assets were compromised.
Immediate action is usually required
Example: An asset was compromised, such as an outbound IP connection to a command and control host.
Immediate action from multiple parties is usually required
Example: Large-scale attack on multiple devices.