Trigger and Pattern detail page

• Name – assign a unique name for the entry.
• Tenant – add tenants to allow tenancy access. See also Multitenancy feature.
• Minimal Bit Count – the threshold for the minimal number of anomaly indicators that have to show anomalous behavior to activate the trigger. It can be combined with Patterns.

The Minimal Bit Count setting is a threshold that is evaluated on top of the anomaly indicator patterns. When patterns have been configured, a trigger is only activated if any of the configured indicator patterns match and the bit count threshold is reached.

The following screenshot shows a random example of a pattern configuration:

• Use the + button to add one or more patterns.
• A pattern is formed by 7 different anomaly indicators. Each indicator can be selected to be:

	Grey dot – the pattern will match either normal or anomalous behavior of this indicator.
	Red dot – the pattern will match if this indicator shows anomalous behavior.
	Green dot – the pattern will match if this indicator shows normal behavior.

A best practice configuration example is described in the article trigger, pattern and rule configuration of our Airlock Anomaly Shield configuration guide.

Airlock Anomaly Shield currently implements seven indicators in total:

• Internal links:
• Airlock Anomaly Shield configuration guide for best practice configuration.