Windows Agent does not capture CRITICAL events from Windows Eventlog
In the ASPs for a WindowsAgent under EventLog Severity list, there is no way to add a row for CRITICAL severity level Windows Events, even though they do exist in Windows OS. Even when trying to add a new row to those lists, there is no way to define "Critical" as the source level.
For the WindowsAgent event log collection, WMI is used and the specification for the Win32_NTEventLog class does not provide a "Critical" EventType. Please refer to the definition for EventType at https://msdn.microsoft.com/en-us/library/aa394226(v=vs.85).aspx. The EventType value of "1" is used for Error and Critical, hence this would be the reason that no "Critical" mapping is provided. There is no plans to include this feature for the WindowsAgent moving forward.
However, in the new DellWindowsEventLogMonitorAgent since Windows native APIs are used to obtain Windows event log data instead of WMI, a distincation is made between an "Error" record and a "Critical" record. Please use the DellWindowsEventLogMonitorAgent for collecting log events instead of the WindowsAgent.