Anomaly detection

Sophos Cloud Optix has several types of anomaly detection. They're turned on automatically.

The detection types are as follows:

Each of these detects security-related anomalous events based on account or user activities, API calls, flow log data, and network traffic patterns.

Each detection type needs different resources and a different learning period to establish a baseline of normal behavior. Once that baseline exists, it can identify unusual behavior that deviates from it.
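The page states only that each detection type learns normal behavior over a learning period and then flags deviations; it does not describe the method Cloud Optix uses. The following is an added illustration of that general idea, not Sophos's algorithm or code: it learns a per-user baseline from constructed daily API-call counts (hypothetical numbers) and flags a later observation that falls far outside that baseline, or that belongs to a user with no baseline at all.

```python
from statistics import mean, pstdev

# Constructed sample: daily API-call counts per user during the learning period.
# These numbers are invented for illustration and are not Cloud Optix data.
LEARNING_PERIOD = {
    "alice": [40, 42, 38, 45, 41, 39, 44],
    "bob":   [5, 6, 4, 7, 5, 6, 5],
}


def learn_baseline(history):
    """Summarise each user's learning-period counts as (mean, population stdev)."""
    return {user: (mean(counts), pstdev(counts)) for user, counts in history.items()}


def score(baseline, user, count, floor=1.0):
    """Z-score of an observed count against the user's baseline.

    The stdev is floored so a user with a very flat history still yields a
    finite, meaningful score instead of a division by a near-zero value.
    """
    mu, sigma = baseline[user]
    return (count - mu) / max(sigma, floor)


def detect(baseline, observations, threshold=3.0):
    """Return (user, count, z, label) for each observation worth alerting on.

    A user with no learned baseline is reported as 'no baseline' rather than
    silently scored, since nothing is known about what is normal for them.
    """
    alerts = []
    for user, count in observations.items():
        if user not in baseline:
            alerts.append((user, count, None, "no baseline"))
            continue
        z = score(baseline, user, count)
        if abs(z) > threshold:
            # Severity label is a simple illustrative cut-off, not a product setting.
            alerts.append((user, count, round(z, 2), "high" if abs(z) > 6 else "medium"))
    return alerts


if __name__ == "__main__":
    baseline = learn_baseline(LEARNING_PERIOD)
    # Constructed "today" observations: alice is normal, bob spikes, carol is new.
    for alert in detect(baseline, {"alice": 43, "bob": 60, "carol": 3}):
        print(alert)
```

The learning period matters as much as the threshold: a baseline built from too few days, or from days that already contained the unusual activity, will either over-alert or quietly normalise the behavior you wanted to catch.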

About anomaly alerts

Sophos Cloud Optix displays alerts when it detects anomalies in your environment.

On the Alerts page, look for alerts with a head-shaped icon in the Type column.
[Image: Alert icon]

You can click the Type filter and select Anomaly (AI).

An anomaly alert shows its severity level and a brief description of what was detected.

[Screenshot: example alert detail]