Findings by Type
The Findings by Type widget displays a breakdown of different types of findings:
• Anomaly: These are behavioral anomalies, which are deviations from an average over time.
• IOC: These are matches against the Silent Push threat feed, that is, sessions that match an IP or domain in that threat feed.
• ML: These are threats to the network discovered by Machine Learning. These threats are not obvious and are a collection of bad actors' behaviors over time.
• Policy: These are violations of your company’s policies. For example, a session that uses a DNS server that is not an approved DNS server, or a session that uses an unsupported TLS version, such as an old TLS version.