Urgency & Severity Matrix

ES calculates the **Urgency** of a Notable Event using a **Severity × Priority** matrix.

**Severity** comes from the correlation search configuration (informational, low, medium, high, critical). **Priority** comes from the asset or identity lookup (how important is this target?).

The resulting urgency (informational → critical) determines the visual indicator in Incident Review and which analyst queue receives the event.