Platform Documentation

Ctrlk

Platform description
- Overview
Data Lake
Integration of data sources
- Ingestion architecture
On-premises data sources
Cloud data sources
Catalog
Configuration Management Database (CMDB)
Log streams monitor
- Silenced sources
- Degraded sources
Transformation Pipelines
Predictive AI
Alerting engine
Customers consumption monitoring
Threat Intelligence
- Overview
Customer On-Boarding
Data Lake API usage

Powered by GitBook

On this page

Predictive AI

Detection Models

Linux anomalous network activity Windows anomalous network activity Windows anomalous process all hosts Windows anomalous user name Windows rare process by host High count network denies (outbound traffic)Unusual amount of outbound traffic (Data leak)Many logins OK from same IP Excessive Failed Logins for a Single User User Behaviour Analytics on Active Directory (ADUBA)DGA Detection Anomalous User Name in Active Directory Detection of silenced data sources Rare destination Country detection Brute force Login Detection Many Logins OK from the same IP AWS CloudTrail rare Method for a City AWS CloudTrail rare Method for a Country AWS CloudTrail rare Method for a User Anomalous denied traffic detection Anomalous outbound traffic AWS CloudTrail rare error Code AWS CloudTrail rare error Message AWS CloudTrail High distinct count error Code AWS CloudTrail High distinct count error Message Data Leak Detection Logon Spike Detection Suspicious Referring Websites Anomalies in SalesFolder searches

PreviousBasic concepts NextLinux anomalous network activity

@ 2025 Invisible Bits