FortiInsight
FortiInsight monitors endpoint activity in the form of events. It provides automated inspection of these events, and alerts against them, through policy-based and Augmented Intelligence (AI) based inspection.
jmcritchie
Staff
Article Id 194934
Description

As the AI inspects incoming events for anomalies, it also attempts to categorise anomalous events using tags.


Events will be inspected for particular characteristics, as defined within the AI tag definitions, and the appropriate tag, if any, will be applied to the event.


For example, an event involving a user writing a CV file will be tagged as Potential Leaver, and events displaying common ransomware characteristics will be tagged as Ransomware.


The AI alerts page shows the most commonly detected tags via the summary table, and allows searching the list of events for particular tags.


Tags can apply either a positive or a negative severity level to particular events, increasing or decreasing the event's severity and making it easier to distinguish the urgency of an incident.


FIN comes pre-configured with a variety of AI tags, which can be activated or deactivated according to the user's wishes. It also supports creating customised tags that the user deems appropriate.
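A minimal model of the tagging behaviour described above, added here as an illustration; it is not FortiInsight code and does not reproduce its tag-definition format. The event fields, the 0 to 10 severity scale, the thresholds, the severity deltas and the "Scheduled Backup" custom tag are all assumptions, and the sample events are constructed.

```python
import re
from dataclasses import dataclass
from typing import Callable

@dataclass
class Tag:
    name: str
    matches: Callable[[dict], bool]  # characteristic test for one event
    severity_delta: int              # positive raises, negative lowers severity
    active: bool = True              # tags can be activated or deactivated

def is_cv_file(path: str) -> bool:
    # "cv" as a standalone token in the file name, so "recvbuf.log" does not match
    name = path.rsplit("\\", 1)[-1]
    return re.search(r"(?<![a-z])cv(?![a-z])", name, re.I) is not None

# Assumed definitions: field names, thresholds and deltas are illustrative only.
TAGS = [
    Tag("Potential Leaver",
        lambda e: e["activity"] == "write" and is_cv_file(e["resource"]), +2),
    Tag("Ransomware",
        lambda e: e["activity"] == "rename" and e["burst"] >= 100, +4),
    # Hypothetical custom tag that lowers severity for a known backup account.
    Tag("Scheduled Backup", lambda e: e["user"] == "svc_backup", -3),
]

def apply_tags(event, tags=TAGS, lo=0, hi=10):
    """Return (tag names, adjusted severity) for one event, clamped to lo..hi."""
    applied = [t for t in tags if t.active and t.matches(event)]
    score = event["base_severity"] + sum(t.severity_delta for t in applied)
    return [t.name for t in applied], max(lo, min(hi, score))

# Constructed sample events (not real FortiInsight output).
EVENTS = [
    {"user": "alice", "activity": "write", "burst": 1, "base_severity": 3,
     "resource": r"C:\Users\alice\Documents\Alice_CV_2024.docx"},
    {"user": "bob", "activity": "rename", "burst": 240, "base_severity": 5,
     "resource": r"D:\share\report.xlsx.locked"},
    {"user": "svc_backup", "activity": "rename", "burst": 300, "base_severity": 5,
     "resource": r"D:\backup\img.tmp"},
    {"user": "carol", "activity": "read", "burst": 1, "base_severity": 1,
     "resource": r"C:\logs\recvbuf.log"},
]

if __name__ == "__main__":
    for ev in EVENTS:
        names, sev = apply_tags(ev)
        print(f'{ev["user"]:<11} severity {ev["base_severity"]}->{sev} tags={names}')
```

The third event shows two tags applying at once: the positive and negative adjustments combine, so a rename burst from the backup account ranks below the same burst from an ordinary user.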

