Familiarize yourself with the terminology used within the context of the NSX Suspicious Traffic feature in NSX Intelligence.
Terminology |
Definition |
---|---|
Campaign |
A correlated set of incidents that affect one or more devices over a period of time. If the NSX Network Detection and Response feature is activated, links to campaigns are displayed on the NSX Suspicious Traffic UI, when applicable. |
Confidence Score |
The score calculated to indicate how confident the system is that an event is anomalous based on the proprietary algorithms that the NSX Suspicious Traffic feature uses. |
Detector |
A sensor designed for detecting events in your network traffic flow. A detector maps to a single MITRE ATT&CK category or technique. |
Impact Score |
A score calculated by a proprietary algorithm which uses a combination of the confidence score for the event and how bad the threat is (severity score), if correctly detected. |
Suspicious Traffic Event |
A network traffic activity that deviates from what is considered standard or expected. The data is generated by an NSX Suspicious Traffic detector. This can also be referred to simply as Event. Replaces the Anomaly Event and Detection Event terms that were used in previous releases. |
Tactic |
Represents the reason why an adversary is performing an action using an ATT&CK technique or sub-technique. See https://attack.mitre.org/ for information about the MITRE ATT&CK framework. |
Technique |
Represents how an adversary tries to achieve a tactical goal of their attack by performing an action. See https://attack.mitre.org/ for information about the MITRE ATT&CK framework. |