| Perform statistical anomaly computation to identify anomalous posture within an organization devices. |
| Vulnerable process making outbound network connection. |
| Unique software applications determined in select few systems |
| Irregular Host IP to MAC address maps found across devices in ARP table |
| Anomalous events found in Windows Event log |
| Applications are found to make outbound connections to unusual ports |
| Irregular Domain to IP address maps found across devices in ARP table |
| Unique processes are running in select few systems |
| Unusual Software license keys determined |
| Unusual command execution found in Windows Run Command history |
| Atypical Desktop Firewall configuration |
| Unusual tasks are scheduled in Task Scheduler |
| Unique services are running in select few systems |
| MAC Addresses are found to be changed |
| IP Address are found to be changed |
| Hostnames are found to be changed |
| Unusual entries in Autorun |
| Increasing Critical vulnerability count |
| Increasing High vulnerability count |
| Increasing Medium vulnerability count |
| Trending Low Vulnerabilities Anomaly |
| Anomaly was found in users with elevated privilege |
| Anomaly detected in IP Forwarding status |
| Unusual entries determined in Environment Variables |
| Less number of Users (UID) are mapped to Groups (GID) |
| Atypical Kernel version found |
| Unusual Run level entries determined |
| Unique RPC services are running in select few systems |
| Increasing trend of CCEs observed |
| Unique BIOS Manufacturer determined |
| Unknown disk type or Mass Storage devices connected |
| Anomaly detected in Service counts |
| Anomaly detected in Process count |
| Anomaly detected in Application count |
| Unusual Kernel modules are loaded |
| Unusual Kernel parameters are found |
| Whitelist your environment across many parameters and identify anomalies to make your IT known-good |
| Unwanted Network Ports are configured |
| Unwanted Services |
| Unwanted Processes |
| Unwanted Startup Applications |
| Unwanted Environment Variables |
| Unwanted Devices |
| Analyze array of securty controls, learn deviations to expected behavior |
| Unknown disk type or Mass Storage devices connected |
| Antivirus application is either not running, not enabled or signatures not up-to-date |
| Firewall disabled |
| User Account Control (UAC) policy are not configured properly |
| SELinux disabled |
| Address Space Layout Randomization (ASLR) is disabled |
| System Data Execution Prevention (DEP) Policy is disabled |
| Bit Locker is disabled |
| Keychain policy is not configured |
| Gatekeeper is disabled |
| Unified Extensible Firmware Interface (UEFI) is not enabled |
| High RAM or CPU utilization detected |
| Available Disk Space is less than 100MB |
| WiFi Security is disabled |
| WiFi encryption is disabled |
| WiFi authentication algorithm is not set |
| Empty Password is set for user |
| Inactive user found |
| Autologin is enabled |
| Outdated software applications are installed |
| Blacklisted software applications are installed |
| Outdated Operating System found |
| Outdated Operating System Service Packs found |
| Cloud applications are installed |
| Web Conferencing applications are installed |
| Instant Messaging applications are installed |
| VPN Software is installed |
| P2P Apps are installed |
| Gaming applications are installed |
| File Transfer Apps are installed |
| Applications with unknown publisher found |
| Unsigned Apps are allowed |
| Guest users are enabled |
| Time Synchronization is not enabled |
| Device Share is enabled |
