Context Models

Context Creation Models (CCMs) are always-running search conditions applied to incoming flow. When a CCM's thresholds are exceeded, labels are generated. CCM outputs dynamically add labels to, or remove them from, Fusion, which allows more precise and tailored control of detection and alerting. With CCMs, you can customize your detection system to suit your own requirements and preferences.

System

The System tab consists of the following columns:

Checked/Unchecked: This column allows you to select one or multiple Detection Models to apply changes to them simultaneously.

Recommended: This thumbs-up column provides three options to choose from: All, Recommended, or Default. The Recommended option displays the Detection Models that are most appropriate for your environment.

Name/Desc: This column displays the name and description of each Detection Model.

NQL Search: This search field allows you to filter for Detection Models using Netography Query Language (NQL).

Thresholds: This drop-down provides three options to choose from: All, Medium, and High. Selecting a threshold filters the Detection Models by the chosen threshold level.

Track: This field displays the Detection Models that are actively tracking.

Enabled: This drop-down provides three options to choose from: All, Enabled, or Disabled. Selecting an option filters the Detection Models by their enabled status.

At the far left of each row, there is an ellipsis icon that lets you edit the settings and audit log entries of each CCM. You can also use it to configure a new CCM based on the settings of the existing one, so that CCMs can be tailored to the specific needs of your environment.

Custom

The Custom Detection Models portal screen has the same columns as the System tab, except for the Recommended column:

Checked/Unchecked: This column allows you to select one or multiple Detection Models to apply changes to them simultaneously.

Name/Desc: This column displays the name and description of each custom Detection Model.

NQL Search: This search field allows you to search for custom Detection Models using Netography Query Language (NQL).

Thresholds: This drop-down provides three options to choose from: All, Medium, and High. Selecting a threshold filters the custom Detection Models by the chosen threshold level.

Track: This field displays the custom Detection Models that are actively tracking.

Enabled: This drop-down provides three options to choose from: All, Enabled, or Disabled. Selecting an option filters the custom Detection Models by their enabled status.

The Custom Detection Models portal screen is specifically for custom-defined and custom-configured Detection Models, so you can create Detection Models tailored to your environment.