Threat Stack with ThreatML predicts the behavior of your infrastructure through two different data models. These data models collect 30 days of specific information from your infrastructure to create a baseline of normal, predictable behavior.

After ThreatML establishes a baseline, once per day it compares your baseline to your current infrastructure and reports any behavior that deviates from the models’ predictions as anomalous.


Challenge 1Review Anomalies

  1. Navigate to the Threat Stack Cloud Security Platform:
  2. In the Email field, type as the email address and click Next.
  3. In the Password field, type xxxxxxx as the password and click Next.
  4. Select threatML in the navigation bar or View Anomalies from the Dashboard


Access to the Threat Stack Cloud Security Platform® is managed by the Lab Members.