Detection Points¶
A detection point represents something determined to be suspicious enough to warrant investigation. Only observables and analysis objects can have detection points, and in practice observables are usually the best place to put them.
A entire analysis that has one or more detection points is considered by ACE to be an alert and thus has the analysis mode changed to correlation
during analysis.