Glossary

Cybersecurity often involves complex terminology and a wide array of acronyms. This glossary is designed to support your understanding of the SenseOn platform by clearly defining commonly used terms and abbreviations.

Common Terminology

Term	Meaning
Agent	A generic term for our Universal Sensor.
AI Assistant	A general term for SenseOn's Generative AI capability, coordinated by Horus, that accelerates incident response through automated investigation and analysis. Customers can opt in or out via Settings or our support team.
AI Case Summary	A summary of the case, compiled by the LLM (AI Assistant).
Alert	A security event generated by a third-party provider.
Case	A group of one or more observations correlated by common factors (e.g. same device or IP). Cases vary in threat level: Low, Medium, High, Critical.
Cybersecurity	The practice of protecting systems, networks, and data from digital attacks and unauthorised access.
Data	A collective term for Alerts and Telemetry.
Device	A physical or virtual component that can connect to a network (e.g. computers, servers, mobile devices, IoT devices). A device may or may not have the Universal Sensor installed.
Device ID	Normally shows the Fully Qualified Domain Name (FQDN).
Device Name	Normally shows the hostname or FQDN.
Device Precise ID	A unique set of capital letters and numbers used to identify a device.
Endpoint	A user-operated device (e.g. laptop, smartphone) that serves as a point of access to a network. Always has the Universal Sensor installed.
Endpoint Agent	A generic term for our Universal Sensor.
Endpoint Event	A unit of telemetry reported by the Universal Sensor.
Endpoint ID	Normally shows the hardware ID.
Event	Any activity on a device, such as failed logins or malware infections.
Hardware ID	A unique alphanumeric identifier (uppercase only) for a device.
Horus	SenseOn's AI orchestrator and chat interface. Horus coordinates SenseOn's specialist AI agents (Resolve, Hunter and others) on top of the platform's built-in detection. See SenseOn AI Architecture.
Hostname	A label assigned to a device on a network, used to identify it and usually linked to an IP address.
Hunt Lab	A pane allowing users to query and view raw telemetry using SQL, ideal for investigating detailed events.
Hunter	The specialist AI agent in Hunt Lab. Hunter hunts telemetry and helps write, debug, and explain CHSQL queries, coordinated by Horus.
Investigation Panel	A side panel within the Knowledge Graph that helps analysts run investigations on a case.
Knowledge Graph	An interactive visual explorer that maps the relationships between entities involved in a case.
Observation	A single security event detected by SenseOn, based on endpoint or network telemetry. Correlated observations may form a case.
Quick Action	A shortcut to retrieve telemetry without using Hunt Lab.
Recovery Codes	Backup verification codes used for 2FA if the authenticator app is unavailable.
Reveal	SenseOn's data exploration module, providing dashboards, interactive filtering, and a natural-language AI chat for security data.
Resolve	SenseOn's autonomous case-investigation agent, which runs analysis steps and presents findings within the Investigate module. Coordinated by Horus.
Reflex	SenseOn's automated case-response capability. When a Reflex-enabled detection fires with high confidence, the platform automatically takes a configured action (for example device isolation or session revocation) without waiting for an analyst.
Remediation Action	Also called Active Response Remediation Action. A quick way for users to take action directly from the platform.
Response	Any manual or automatic response taken through the SenseOn platform.
SenseOn Analyst	An analyst from the SenseOn Managed SOC team.
SenseOn Appliance	A term we avoid, refers to the outdated model of physical telemetry collection. We use a modern, cloud-based approach.
SenseOn Platform	The UI that users interact with.
Telemetry	Activity data collected by SenseOn or third parties, used to develop detections. Telemetry may become observations.
Time-based One-time Password	Temporary codes generated using the current time, used for two-factor authentication (2FA).
Universal Sensor	Our branded term for the endpoint detection software (EDR agent) that protects customer devices like laptops and servers.

Glossary of Acronyms

Acronym	Meaning
2FA	Two-factor authentication.
ARRA	Active Response Remediation Actions.
CAA	Customer Accessible API – the namespace under which SenseOn Connect endpoints (including Personal Access Tokens) are exposed.
EDC	External Data Collector – API that connects SenseOn to other data sources.
EDR	Endpoint Detection and Response.
EPNS	Endpoint Network Sensor.
EPP	Endpoint Protection – the malware protection module within the Universal Sensor.
FQDN	Fully Qualified Domain Name – full domain path to uniquely identify a host (e.g., `host.example.com`).
LTTR	Long-Term Telemetry Retention – the platform's mechanism for retaining telemetry beyond the standard window.
MDR	Managed Detection and Response.
MFA	Multi-Factor Authentication. SenseOn supports MFA via a TOTP authenticator app.
MITRE ATT&CK	A globally recognised framework that catalogues adversary tactics, techniques, and procedures. SenseOn maps observations to MITRE techniques.
MTTD	Mean Time to Detect – elapsed time from first observation to case creation.
MTTR	Mean Time to Respond – elapsed time from case creation to closure.
NDR	Network Detection and Response.
PAT	Personal Access Tokens – secure, user-specific keys used to access SenseOn Connect.
PID	Process ID – a unique identifier for a running process.
SIEM	Security Information and Event Management – solution for detecting threats before disruption.
SSO	Single Sign-On. SenseOn supports SSO via Okta.
TOTP	Time-based One-time Password – used in the platform for 2FA.
VDI	Virtual Desktop Infrastructure – environments such as Citrix XenApp / XenDesktop and VMware Horizon.