Threat Detection
Vedric identifies real threats through behavior correlation, environmental context, and confidence-based severity scoring. Not every anomaly is a threat — Vedric distinguishes between the two.
What Makes Something a Threat
A threat is not just unusual activity. Vedric defines a threat as behavior that, based on accumulated signals, context, and confidence scoring, indicates a likely security incident in progress or about to occur.
Behavioral Signals: Patterns that deviate from baselines
Contextual Analysis: Environment and timing factors
Confidence Scoring: Probability-based risk assessment
Threat Categories
Vedric detects threats across multiple categories, each with specialized detection logic:
Command & Control: Outbound connections to suspicious or rare destinations
Persistence Attempts: Unauthorized scheduled tasks, services, or registry modifications
Credential Abuse: Unusual privilege escalation or authentication patterns
Data Staging: Collection and preparation of sensitive files for exfiltration
Script Abuse: Malicious use of PowerShell, wscript, or other scripting engines
Reconnaissance: Internal network scanning or enumeration behavior
Detection Timeline
Threats are detected in near real-time. The detection pipeline processes events continuously:
1. Event Ingestion: Behavioral signals arrive from endpoints
2. Pattern Matching: Detectors identify suspicious behavior patterns
3. Context Enrichment: Environmental factors are evaluated
4. Confidence Scoring: Risk probability is calculated
5. Threat Classification: High-confidence events become threats
Severity Levels
Detected threats are assigned severity levels based on confidence and potential impact:
Low: Logged for context
Medium: Review recommended
High: Immediate attention
Critical: Automated response
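The five pipeline stages and the severity bands described above, as an added illustrative Python model that is not Vedric's code: it correlates constructed endpoint events per host, so a lone daytime anomaly is only logged while accumulated off-hours signals become a threat. The two detector rules, the +0.2 off-hours adjustment, the 0.6 threshold, the 1-3 impact scale and the severity bands are all assumed values chosen for the illustration.

```python
import math
from dataclasses import dataclass
@dataclass
class Event:                 # one constructed endpoint telemetry record
    host: str
    process: str
    hour: int                # local hour of day, 0-23
    cmdline: str = ""
    dest: str = ""           # outbound destination, if any
    dest_rare: bool = False  # True when the destination is new to this environment

def detect(ev):
    """Stage 2, pattern matching: yield (category, base confidence, impact 1-3) per matching rule."""
    if ev.dest and ev.dest_rare:
        yield "Command & Control", 0.5, 3
    if ev.process.lower() in ("powershell.exe", "wscript.exe") and "-enc" in ev.cmdline.lower():
        yield "Script Abuse", 0.6, 2
def enrich(ev, conf):
    """Stage 3, context enrichment: off-hours timing raises confidence (assumed +0.2 weight)."""
    return min(conf + 0.2, 1.0) if ev.hour < 6 or ev.hour >= 22 else conf
def combine(confs):
    """Stage 4, confidence scoring: accumulate independent signals seen on one host."""
    return round(1.0 - math.prod(1.0 - c for c in confs), 2)
def severity(conf, impact):
    """Severity from confidence and potential impact (assumed bands on conf * impact)."""
    score = conf * impact
    return "Critical" if score >= 2.4 else "High" if score >= 1.5 else "Medium" if score >= 1.0 else "Low"

THRESHOLD = 0.6  # assumed: below this the activity is an anomaly to log, not a threat
def classify(events):
    """Stage 5, classification: a host becomes a threat only when its accumulated confidence clears THRESHOLD."""
    signals = {}
    for ev in events:  # Stage 1, event ingestion
        for cat, conf, impact in detect(ev):
            signals.setdefault(ev.host, []).append((cat, enrich(ev, conf), impact))
    threats = {}
    for host, sigs in signals.items():
        conf = combine(c for _, c, _ in sigs)
        if conf >= THRESHOLD:
            threats[host] = (sorted({c for c, _, _ in sigs}), conf, severity(conf, max(i for _, _, i in sigs)))
    return threats

# Constructed sample: ws1 is a lone daytime anomaly, ws2 correlates two off-hours signals, ws3 an encoded daytime script
SAMPLE = [
    Event("ws1", "chrome.exe", 14, dest="203.0.113.9", dest_rare=True),
    Event("ws2", "svchost.exe", 3, dest="198.51.100.7", dest_rare=True),
    Event("ws2", "powershell.exe", 3, cmdline="powershell -enc SQBFAFgA"),
    Event("ws3", "powershell.exe", 10, cmdline="powershell -nop -enc SQBFAFgA"),
]
```

Running `classify(SAMPLE)` leaves ws1 out (a rare destination alone stays below the threshold), rates ws3 Medium, and rates ws2 Critical because its two correlated signals push the combined confidence to 0.94.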