Familiarize yourself with the terminologies that are used with the NSX Suspicious Traffic feature.



Anomaly Event

The terminology used in the previous NSX Intelligence release where the NSX Anomaly Detection (now NSX Suspicious Traffic) feature was introduced as a technology preview feature. This terminology is now replaced by Detection Event.


A correlated set of incidents that affect one or more devices over a period of time.

If the NSX Network Detection and Response feature is activated, links to campaigns are displayed on the NSX Suspicious Traffic UI, when applicable.

Confidence Score

The score calculated to indicate how confident the system is that an event is anomalous based on the proprietary algorithms that the NSX Suspicious Traffic feature uses.

Detection Event

A network traffic activity that deviates from what is considered standard or expected. The data is generated by a NSX Suspicious Traffic detector.


A sensor designed for detecting events in your network traffic flow. A detector maps to a single MITRE ATT&CK category or technique.

Impact Score

A score calculated by a proprietary algorithm which uses a combination of the confidence score for the detection event and its severity, if correctly detected.


Indicates how bad a threat is. The valid values are Critical, High, Medium, or Low.


Represents the reason why an adversary is performing an action using an ATT&CK technique or sub-technique. See https://attack.mitre.org/ for information about the MITRE ATT&CK framework.


Represents how an adversary tries to achieve a tactical goal of their attack by performing an action. See https://attack.mitre.org/ for information about the MITRE ATT&CK framework.