Basic concepts
Detector
An AI-based model designed to detect a very specific pattern or behavior. It is trained on one or more customers once the characteristics the model needs have been identified in their log streams. A model will exhibit different behavior across different clients, as it adapts to the unique characteristics of each environment.
Days training
The number of days the model has been actively training on a specific client. Each model is retrained daily using the outcomes of SOC analysts' operations, along with the evolving characteristics and patterns observed in the client's log streams over time.
Detection
An inference produced by a detector that has passed the discard criteria and therefore presents SOC analysts with a risk that must be analyzed.
Signal
Signal generated by a detection, which will be sent to the Data Lake and may later be correlated with other signals to produce detections or higher-risk signals.
Aggressiveness
Configurable parameter in a model's Settings section that defines how aggressive the model is when analyzing information. It adjusts the detection threshold by tuning the model's sensitivity, so that false positives can be reduced.
White list
Values specified by SOC analysts for a model's key features that suppress detections at inference time, on the assumption that the presence of such values means the detection should be discarded.
Black list
Values specified by SOC analysts for a model's key features that force a detection at inference time, on the assumption that the presence of such values means the detection should be escalated.
Generate signals
Send the signals to the Data Lake, enabling their use in dashboards, alert generation, or correlation with other events being processed.
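The following is an added illustration of how the concepts above fit together at inference time; it is example code written for this page, not the platform's own implementation. The class and function names, the 0.0 to 1.0 aggressiveness scale, the linear threshold mapping, the precedence of the black list over the white list, and the signal layout are all assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed example: a minimal inference gate that applies the glossary
# concepts (aggressiveness, white list, black list, detection -> signal).
# Names, scales and the precedence rules are assumptions, not the product's.

@dataclass
class DetectorSettings:
    name: str
    aggressiveness: float                       # assumed 0.0 (lenient) .. 1.0 (aggressive)
    key_features: tuple                         # log fields the model keys on
    white_list: dict = field(default_factory=dict)  # feature -> set of suppressing values
    black_list: dict = field(default_factory=dict)  # feature -> set of forcing values


def threshold(aggressiveness: float) -> float:
    # Higher aggressiveness lowers the discard threshold (more detections,
    # more potential false positives); lower aggressiveness raises it.
    # Assumed linear mapping: 0.9 at aggressiveness 0.0, 0.1 at 1.0.
    return 0.9 - 0.8 * aggressiveness


def gate(settings: DetectorSettings, event: dict, score: float) -> str:
    """Return 'escalate', 'detection' or 'discard' for one detector inference."""
    # Black list: a listed value on a key feature forces the detection (checked first, by assumption).
    for feat in settings.key_features:
        if event.get(feat) in settings.black_list.get(feat, set()):
            return "escalate"
    # White list: a listed value on a key feature suppresses the detection.
    for feat in settings.key_features:
        if event.get(feat) in settings.white_list.get(feat, set()):
            return "discard"
    # Otherwise the model score is compared against the aggressiveness-derived threshold.
    return "detection" if score >= threshold(settings.aggressiveness) else "discard"


def to_signal(settings: DetectorSettings, event: dict, score: float) -> Optional[dict]:
    """Build the signal that would be sent to the Data Lake, or None if discarded."""
    verdict = gate(settings, event, score)
    if verdict == "discard":
        return None
    return {
        "detector": settings.name,
        "verdict": verdict,
        "score": round(score, 3),
        "features": {f: event.get(f) for f in settings.key_features},
    }
```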