| Agent |
A generic term for our Universal Sensor. |
| AI Assistant |
Our Generative AI solution that accelerates incident response through automated investigation and analysis. Customers can opt in or out via Settings or our support team. |
| AI Case Summary |
A summary of the case, compiled by the LLM (AI Assistant). |
| Alert |
A security event generated by a third-party provider. |
| Case |
A group of one or more observations correlated by common factors (e.g. same device or IP). Cases vary in threat level: Low, Medium, High, Critical. |
| Cybersecurity |
The practice of protecting systems, networks, and data from digital attacks and unauthorised access. |
| Data |
A collective term for Alerts and Telemetry. |
| Device |
A physical or virtual component that can connect to a network (e.g. computers, servers, mobile devices, IoT devices). A device may or may not have the Universal Sensor installed. |
| Device ID |
Normally shows the Fully Qualified Domain Name (FQDN). |
| Device Name |
Normally shows the hostname or FQDN. |
| Device Precise ID |
A unique set of capital letters and numbers used to identify a device. |
| Endpoint |
A user-operated device (e.g. laptop, smartphone) that serves as a point of access to a network. Always has the Universal Sensor installed. |
| Endpoint Agent |
A generic term for our Universal Sensor. |
| Endpoint Event |
A unit of telemetry reported by the Universal Sensor. |
| Endpoint ID |
Normally shows the hardware ID. |
| Event |
Any activity on a device, such as failed logins or malware infections. |
| Hardware ID |
A unique alphanumeric identifier (uppercase only) for a device. |
| Hostname |
A label assigned to a device on a network, used to identify it and usually linked to an IP address. |
| Hunt Lab |
A pane allowing users to query and view raw telemetry using SQL—ideal for investigating detailed events. |
| Investigation Panel |
A side panel within the Knowledge Graph that helps analysts run investigations on a case. |
| Knowledge Graph |
An interactive visual explorer that maps the relationships between entities involved in a case. |
| Observation |
A single security event detected by SenseOn, based on endpoint or network telemetry. Correlated observations may form a case. |
| Quick Action |
A shortcut to retrieve telemetry without using Hunt Lab. |
| Recovery Codes |
Backup verification codes used for 2FA if the authenticator app is unavailable. |
| Reveal |
SenseOn's data exploration module, providing dashboards, interactive filtering, and a natural-language AI chat for security data. |
| Resolve AI |
SenseOn's autonomous case-investigation feature, which runs analysis steps and presents findings within the Investigate module. |
| Reflex |
SenseOn's automated case-response capability. When a Reflex-enabled detection fires with high confidence, the platform automatically takes a configured action (for example device isolation or session revocation) without waiting for an analyst. |
| Remediation Action |
Also called Active Response Remediation Action. A quick way for users to take action directly from the platform. |
| Response |
Any manual or automatic response taken through the SenseOn platform. |
| SenseOn Analyst |
An analyst from the SenseOn Managed SOC team. |
| SenseOn Appliance |
A term we avoid—refers to the outdated model of physical telemetry collection. We use a modern, cloud-based approach. |
| SenseOn Platform |
The UI that users interact with. |
| Telemetry |
Activity data collected by SenseOn or third parties, used to develop detections. Telemetry may become observations. |
| Time-based One-time Password |
Temporary codes generated using the current time, used for two-factor authentication (2FA). |
| Universal Sensor |
Our branded term for the endpoint detection software (EDR agent) that protects customer devices like laptops and servers. |