The detection gap

| Attack events only (Use Case 5.1) | Incidents + correlated attack events |
| --- | --- |
| Individual alerts per exploit — you triage each one separately | A single incident alert groups related exploits into one investigation |
| No built-in prioritization beyond severity | Incidents only fire when the platform determines SOC attention is warranted |
| A SOC analyst must correlate events manually | Related attack events are pre-correlated — the evidence is assembled for you |
| Works with all Contrast customers | Requires Contrast Northstar platform |