Analyse anomalous and suspicious behaviour
In Suspicious Activities, you can view notifications generated by behavioural monitoring of users, devices and the network.
Activity analysis is based on IT Security’s artificial intelligence, which differs from traditional static approaches (often based on pre-trained models) thanks to a constantly evolving neural network.
This technology allows the system to dynamically adapt to the corporate environment, modelling its detection capabilities based on the actual behaviour of users and devices. The result is an increasingly accurate and personalised analysis of anomalies and threats.
During the first 14 days of using the add-on, the AI observes and learns the device’s habits, building a behavioural profile for reference. It then continues to evolve, recognising any changes and reporting only truly suspicious activity to provide reliable, accurate and tailored protection.

A list of detected anomalous activities is available in Suspicious Activities, with the option to perform custom searches.
For each suspicious activity, the following information is reported:
- the level of impact (critical, high, medium)
- the computer involved
- the type of notification
- the date of registration
- the time of the last occurrence
- the total number of detections
You can find detailed information by clicking on the registered activity.
Data retention is 1 month.
Finally, you can export the data in .csv and .pdf format.

The classification of notifications is shown below, with details for each type:
Classification | Description |
---|---|
Access | Logs relating to access, authentication and authorisation over various protocols, whether network or local. |
Network | Logs relating to what happens on the network, whether locally or received from outside. |
Computer | Logs for PC events, whether hardware errors or anomalies in local events. |
Security | Logs relating to activities that may undermine PC security, such as network scans, firewall changes, etc. |
Anomaly | Logs of unusual user activity detected following behavioural and PC usage analysis. |
Compromise | Logs relating to actions that damage or put the PC at risk, such as malicious connections or the execution of suspicious files or processes. |