Inside CrowdStrike Automated Leads: A Transformative Approach to Threat Detections

DEV Community·Mark0·20 days ago

CrowdStrike has introduced Automated Leads, a threat detection capability powered by self-learning AI models within the CrowdStrike Signal engine. This approach addresses the limitations of traditional rule-based alerting, which often leads to alert fatigue and the suppression of potentially critical indicators due to high-volume noise. By utilizing entity-based scoring, the system shifts focus from binary alerts to prioritizing events based on their aggregate impact on specific hosts.

The AI engine evaluates millions of indicators that fall below traditional detection thresholds, assigning scores to individual events and summing them by entity, such as an endpoint. This allows security analysts to detect sophisticated adversary behavior and anomalous usage of remote monitoring and management (RMM) tools that would otherwise go unnoticed in complex environments.
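The shift from per-event thresholds to per-entity aggregation described above, as an added illustration that is not CrowdStrike's code and says nothing about how Signal actually weights events: the hosts, indicator names, scores and the 70-point threshold are all constructed for the example.

```python
"""Entity-based scoring over sub-threshold events (illustrative only, not CrowdStrike's implementation)."""
from collections import defaultdict

# Assumed per-event threshold of a traditional rule: an event must score at
# least this much on its own to raise an alert.
ALERT_THRESHOLD = 70

# Constructed sample telemetry. Each event carries a weak indicator and a
# score (0-100) that is individually below ALERT_THRESHOLD, so rule-based
# alerting would suppress every one of them.
EVENTS = [
    {"host": "ws-042", "indicator": "rmm_tool_first_seen_on_host", "score": 35},
    {"host": "ws-042", "indicator": "rmm_session_outside_business_hours", "score": 25},
    {"host": "ws-042", "indicator": "rmm_outbound_to_previously_unseen_domain", "score": 40},
    {"host": "ws-017", "indicator": "rmm_session_during_business_hours", "score": 15},
    {"host": "srv-db1", "indicator": "rmm_outbound_to_previously_unseen_domain", "score": 25},
]


def binary_alerts(events, threshold=ALERT_THRESHOLD):
    """Traditional alerting: judge each event in isolation against the threshold."""
    return [e for e in events if e["score"] >= threshold]


def entity_scores(events):
    """Sum per-event scores by entity (here the host) into one aggregate per host."""
    totals = defaultdict(int)
    for e in events:
        totals[e["host"]] += e["score"]
    return dict(totals)


def ranked_leads(events, min_total=ALERT_THRESHOLD):
    """Rank hosts by aggregate score; only hosts whose total clears min_total become leads.

    Three individually uninteresting RMM indicators on ws-042 add up to a lead,
    while the single low-weight event on ws-017 stays below the bar.
    """
    totals = entity_scores(events)
    ranked = sorted(totals.items(), key=lambda kv: kv[1], reverse=True)
    return [(host, total) for host, total in ranked if total >= min_total]


if __name__ == "__main__":
    print("per-event alerts:", binary_alerts(EVENTS))   # nothing fires
    print("entity leads:    ", ranked_leads(EVENTS))    # ws-042 surfaces
```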
