Threat Clustering is a method applied to every detector, aggregating new leads with other similar leads. The clustering is based on similarities in malicious intent, impact, and/or context, which are uniquely defined for each detector.
This section explains how threat clusters are created, how to investigate them, and how to triage them.