Anomaly recognition
As it ingests data through Plixer Scrutinizer, the Plixer ML Engine compiles datasets based on the hosts and dimensions it has been configured to use. These datasets are then used by the engine to build behavior models that encompass all network activity, including applications and communications to/from external hosts, at a given time.
When a sufficient volume of data has been acquired, the Plixer ML Engine is able to use models that represent typical, legitimate activity patterns as a baseline and recognize deviations that may indicate threats and other anomalies. Deviations that exceed the specified thresholds are then reported as Alarms and Events via the Plixer Scrutinizer web interface.
The Plixer ML Engine’s detection and reporting functions can be adapted to any type of enterprise network by defining the inclusions, dimensions, and sensitivity/threshold values that best suit an organization’s environment.