cloud1

cloud2

cloud3

cloud4

cloud5

cloud6

← Back to homepage

Annotator catalog illustration

Annotator catalog

Behavioral Signals In The Evidence Graph

Each annotator represents a distinct signal family inside Syndu’s annotation layer. The catalog now connects the code, the behavioral intent, the public explanation, and recent real annotated events from the system.

Automated client behavior illustration

Annotator bot

Automated client behavior

Traffic patterns strongly suggest automation rather than a human-operated browser.

User-Agent anomaly illustration

Annotator ua

User-Agent anomaly

User-Agent signals look missing, inconsistent, or indicative of non-browser tooling.

Referrer abuse illustration

Annotator ref

Referrer patterns look manipulated, irrelevant, or inconsistent with normal navigation.

Request size anomaly illustration

Annotator request_size

Request size anomaly

Requests are unusually large or shaped in a way that suggests abuse or automation.

Explore request_size

Scan velocity illustration

Annotator scan_velocity

High request rate and broad endpoint coverage suggest scanning or automated enumeration.

Explore scan_velocity

Protocol anomaly illustration

Annotator proto

Protocol anomaly

Request structure or protocol-level signals deviate from typical browser HTTP traffic.

HTTP method anomaly illustration

Annotator method

HTTP method anomaly

Unusual or unexpected HTTP methods observed for the target endpoints.

Sensitive file probing illustration

Annotator sfp

Sensitive file probing

Requests target commonly sensitive files, configs, backups, or administrative resources.

Path traversal attempts illustration

Annotator trav

Path traversal attempts

Request paths/parameters resemble attempts to access files outside intended directories.

Firewall/VPN Console Probing illustration

Annotator fwprobe

Firewall/VPN Console Probing

Requests match known firewall, VPN, and gateway admin/login surfaces or client artifacts, indicating explicit probing of security-device endpoints.

Explore fwprobe

Credential brute forcing illustration

Annotator cred

Credential brute forcing

Repeated authentication attempts consistent with password guessing or credential stuffing.

Command injection attempts illustration

Annotator cmdi

Command injection attempts

Request content resembles attempts to execute OS commands via an application.

General injection attempts illustration

Annotator injg

General injection attempts

Suspicious input patterns consistent with injection-like probing across multiple families.

SQL injection attempts illustration

Annotator sqli

SQL injection attempts

Input patterns resemble attempts to manipulate SQL queries via application parameters.

Header injection attempts illustration

Annotator hdrinj

Header injection attempts

Input patterns suggest attempts to manipulate headers or downstream header parsing.