Technical Note: ZoneFox 4.0 - How do AI tags work

FAQ

As AI inspects incoming events for anomalousness, it also attempts to categorise anomalous events using tags. 

Events will be inspected for particular characteristics, as defined within the AI tag definitions, and the appropriate tag, if any applied to the event.

For example, an event involving a user writing a CV file will be tagged as Potential Leaver, and events displaying common ransomware characteristics will be tagged as Ransomware.

The AI alerts page shows the most commonly detected tags via the summary table, and allows searching the list of events for particular tags.