Detections

The “Detections” screen displays inferences that have surpassed a defined risk threshold, and are therefore considered detections that require analyst review. These detections are potential candidates to be promoted to signals.

The main elements of this screen are:

Generate signals Enables a model's detections to generate signals in the Data Lake, allowing them to be used for alert generation, KPI tracking, or further correlation and analysis.

Detector description Shows the description of this use case, its MITRE classification, and how long the detector has been in training for this customer.

Timeline Shows the events processed by the detector (in blue), that is, the events that contain the characteristics required by this model, and the detections generated (in red). This element can be maximized using the cross at the top-right of the chart.

Detector chart A chart specific to the model, intended to help analyze its detections. These charts differ between detectors; their goal is to help SOC analysts understand the results and find the most relevant detections.

[IMAGE]
