Three types of algorithms are leveraged to detect Malicious Behavior Indicators (MBIs)

Rule-Based

Identifies a specific abnormal event or pattern – such as disabling activity logs

Rule and History-Based

Identifies a specific abnormal event or pattern over time and generates an MBI if something odd occurs or if something typical occurs differently than it has in the past

Machine Learning-Based

Uses ML to learn from your own data sets to detect very complex events specific to your environment – like anomalous storage access

MBIs are then analyzed further to provide additional context to security teams:

AI-Scored for Severity

Algorithms assign scores so the severity and risk to the organization are clear, and teams understand where to start

MITRE ATT&CK Alignment

MBIs are aligned to specific techniques within MITRE ATT&CK, enabling teams to quickly understand which remediation methods will be the most effective to combat the threat

Attack Stage

Each MBI is assigned an attack stage to better understand the technique that is being leveraged to penetrate the environment

MBIs create Attack Sequences and Realerts

The sequence of MBIs demonstrates the path that attackers are using to penetrate your environment and raises them to “Realert” status so the security team understands the business impact

MBIs are linked in the Realert Attack Sequence
