Cadence Types

Each detection mechanism has its own cadence configuration. You can configure the cadence for each mechanism separately.

File system pattern evaluation

file-access

File creation/modification patterns
Suspicious access sequences
Unauthorized access attempts
Permission changes

Network endpoint pattern evaluation

network-peers

Suspicious domain connections
Threat actor communications
Unusual peer patterns
DNS resolution anomalies

Important

The built-in network peers detection checks millions of domains each evaluation. This can bottleneck high-traffic systems; use a higher cadence interval if resource use is high.

Network flow pattern evaluation

network-flows

Abnormal traffic volumes
Unusual protocol usage
Data exfiltration patterns
C2 communications

Environment variable pattern evaluation

env-vars

Dynamic linker manipulation
LD_PRELOAD/LD_LIBRARY_PATH mods
Environment variable injections
Process tampering

Compare

Kubernetes

Caches

Cadences

File Access

Execution

Network Peers

Env Vars

Cadence Types

File system pattern evaluation

Network endpoint pattern evaluation

Network flow pattern evaluation

Environment variable pattern evaluation

Cadence Types ​

File system pattern evaluation ​

Network endpoint pattern evaluation ​

Network flow pattern evaluation ​

Environment variable pattern evaluation ​

Cadence Types

File system pattern evaluation

Network endpoint pattern evaluation

Network flow pattern evaluation

Environment variable pattern evaluation