Detects processes that occur rarely compared to other processes on all hosts, using a rare function that detects values that occur rarely in time or rarely for a population.
Description
Models the occurrences of processes on all hosts.
Searches for rare processes running on multiple hosts in an entire fleet or network.
This reduces false positives, since automated maintenance processes usually run only occasionally on a single machine but are common to all or many hosts in a fleet.
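The following added example (not the job's own code) contrasts per-host rarity with fleet-wide rarity on constructed events. It uses simple frequency thresholds as a stand-in for the statistical rare function; the thresholds, host names and process names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events (host, process_name); not real telemetry.
HOSTS = [f"host{i:02d}" for i in range(1, 11)]
EVENTS = (
    [(h, "sshd") for h in HOSTS for _ in range(20)]
    + [(h, "cron") for h in HOSTS for _ in range(15)]
    # Maintenance job: runs once per host, but on every host in the fleet.
    + [(h, "logrotate") for h in HOSTS]
    # Hypothetical process seen once, on a single host only.
    + [("host07", "updater_x")]
)

def rare_per_host(events, max_count=1):
    """Naive view: flag (host, process) pairs seen at most max_count times on that host."""
    counts = defaultdict(int)
    for host, proc in events:
        counts[(host, proc)] += 1
    return sorted(pair for pair, n in counts.items() if n <= max_count)

def rare_across_fleet(events, max_host_fraction=0.2, max_share=0.01):
    """Fleet view: flag a process only if few hosts run it AND it is a
    small share of all process events (assumed thresholds, not a model)."""
    all_hosts = {host for host, _ in events}
    hosts_by_proc = defaultdict(set)
    count_by_proc = defaultdict(int)
    for host, proc in events:
        hosts_by_proc[proc].add(host)
        count_by_proc[proc] += 1
    flagged = []
    for proc, seen_on in hosts_by_proc.items():
        host_fraction = len(seen_on) / len(all_hosts)
        share = count_by_proc[proc] / len(events)
        if host_fraction <= max_host_fraction and share <= max_share:
            flagged.append((proc, sorted(seen_on)))
    return sorted(flagged)

if __name__ == "__main__":
    # Per-host view alerts on logrotate on every host plus updater_x.
    print("per-host alerts:", len(rare_per_host(EVENTS)))
    # Fleet view alerts only on the process that is rare for the population.
    print("fleet alerts:", rare_across_fleet(EVENTS))
```

Modelling the whole fleet collapses the ten per-host maintenance alerts into none and leaves only the process that is rare across the population.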