NOVELTY DETECTOR: CONTEXT AWARE ANOMALY DETECTION
Detect unknown threats in real-time
Find the truly novel events hidden within massive streams of data: instantly, accurately, and without manual training or labeled data.
Traditional security and monitoring falls short
Your existing security and monitoring tools are
drowning in data, yet missing critical anomalies. Why?
Limited to Numerical Data
Traditional anomaly detection struggles with non-numeric (categorical) data like IP addresses, user IDs, file paths, and API calls. Encoding this rich data into numbers is lossy, destroys context, and often fails due to the “curse of dimensionality.”
Data Filtering
To mitigate too-much-data, most engineers find a clever way to pre-filter data before it’s analyzed. This often leads to missed results, and even if it works the first time, filtering means missing the important events you didn’t anticipate.
False Positives
Threshold-based alerting on numerical data creates a storm of false positives, burying real threats in noise and leading to analyst burnout.
Batch Delays
Waiting hours or days for batch analysis means you detect threats only after the damage is done.
Training Bottlenecks
Supervised ML requires laborious data labeling and constant retraining, making it slow to adapt and ineffective against zero-day threats or evolving insider tactics.
See what others can’t with
thatDot Novelty Detector
thatDot Novelty Detector is a new kind of anomaly detection engine, built upon the high-performance Quine Streaming Graph platform. With Novelty, you can find and rank the important events you didn’t know to look for, in ALL your data.
How Novelty Works
Novelty Detector continuously learns the “normal” behavioral fingerprint of your unique environment directly from your data streams – unsupervised and instantly. It goes beyond just flagging statistical outliers; it identifies truly novel events that deviate from learned patterns, while intelligently distinguishing them from merely unique but expected occurrence. Then it ranks each event and explains the context of what made each event important.
Key Capabilities

Detect unknown unknowns
Proactively uncover zero-day exploits, insider threats, and novel fraud schemes without relying on pre-defined signatures or rules. Unsupervised, self-learning AI dynamically identifies deviations from normal behavioral patterns.

Dramatically reduce false positives
Just because it’s new doesn’t mean it’s novel. Contextual fingerprinting distinguishes what is truly novel from what is just previously unseen. Increase SOC/NOC efficiency, reduce alert fatigue, and focus analyst attention on genuine threats, leading to faster, more accurate responses.

Unlock insights from categorical data
Gain deeper insights and detect threats hidden within the rich contextual information that comprises the majority of your event data. Natively processes high-cardinality categorical data (IPs, user IDs, file paths, hostnames, etc.) without lossy encoding.

Real-time, explainable scoring
Enable immediate, confident investigation and trigger automated responses (e.g., via SOAR integration) based on high-fidelity alerts. Provides millisecond-latency novelty scores with explanations pinpointing why an event is anomalous.

Rapid deployment and adaptation
Deploy quickly and adapt automatically to evolving environments and threats without disruptive and time-consuming retraining cycles. No manual data labeling or batch training required. Learns continuously from live data streams.
Novelty Detector
Use Cases
Cybersecurity
Monitor network, device, user, and application data for unusual configuration changes or access patterns.
Network optimization
Identify network route inefficiencies, and eliminate redundant alerts through topology awareness.
Fraud detection
Analyze usage for excess concurrent usage, and generate events to enforce entitlement compliance.
Log data reduction
Intelligently filter log data to eliminate the huge bulk of uninformative data. Highlight what’s important and make use of all of your logs intelligently.
General anomaly detection
Black swan events and unknown unknowns can be extremely hard to detect since you don’t know what to look for. Novelty finds them and increases your knowledge about your data.
Edge system abnormalities
Filter away the bulk of irrelevant readings to spotlight potential problems for predictive maintenance, smart metering, asset monitoring, process automation, and improving customer experiences.
Ready to detect the undetectable?
Find the real threats hidden in your data.
See how thatDot Novelty Detector can provide unparalleled visibility
into your categorical data streams.
Enterprise-ready
Built on the revolutionary Quine Streaming Graph platform,
Novelty Detector inherits enterprise-ready capabilities:
Horizontal scalability
Seamlessly scale to handle massive event volumes from diverse sources.
Flexible integration
Simple REST API enables easy integration into existing data pipelines, SIEMs, SOAR platforms, and monitoring tools.
Data durability
Pre-process raw data streams directly within Novelty Detector, simplifying your pipeline.
Streaming results
Publish results in real-time to integrate with other streaming systems and find important events immediately.