| Active Threat | An endpoint that has contacted an unused address and has tried to exchange data. |
| Admin (account) | A Ridgeback account with administrative privileges for an organization. |
| Annotation | A label placed on a set of network events or other entities. |
| Automation | The process of setting up systems or tools to perform repetitive tasks or workflows without manual intervention. |
| Backup | A copy of data that is stored separately to ensure it can be restored in case of loss, corruption, or attack. |
| Black Hole (icon) | An icon representing where an Rcore observed traffic going to an endpoint, but no traffic was observed coming back. |
| Breach | An incident where unauthorized access to data, systems, or networks has occurred, potentially compromising security. |
| Broadcast | The transmission of data packets to all devices in a network segment rather than a specific recipient. |
| Capacity | The number of network-addressable devices on a network. |
| Complexity (network) | A measure of the interconnectedness and intricacy of devices, protocols, and configurations in a network. |
| Complexity Histogram | A graphical representation showing the distribution of network complexity across various devices or segments. |
| Container | A lightweight, standalone software package that includes code and dependencies, isolated from the host system. |
| Data Leakage | Data unintentionally crossing between network segments. |
| Data Retention Policy | Guidelines governing the duration and method for storing and disposing of data within an organization. |
| Database | An organized collection of structured data that can be accessed, managed, and updated. |
| DFIR | Digital forensics and incident response. |
| Digital Forensics | The process of collecting, preserving, analyzing, and presenting digital evidence from electronic devices. |
| Disaster Recovery | A set of strategies and procedures to restore critical systems and data after a disruptive event. |
| DNS | The Domain Name System, which translates human-readable domain names to IP addresses for network routing. |
| Docker | An open-source platform for developing, shipping, and running applications in containers. |
| Endpoint | An address attached to a physical or virtual device used for communications. |
| Endpoint Load | The average number of endpoints per device. |
| Enumeration | The process of gathering detailed information about network devices and resources, often as a precursor to attacks. |
| Exploit | A piece of code or technique that takes advantage of a vulnerability to compromise a system or data. |
| Exposure (network) | The extent to which a network’s devices, data, or resources are visible or accessible to potential threats. |
| Exposure Histogram | A visual representation showing the frequency or level of exposure of devices or segments within a network. |
| Incident Response | An approach for responding to security incidents to minimize damage, recover operations, and prevent future incidents. |
| Insecure Hostname Request | A network request where a hostname is queried without encryption or authentication, potentially exposing data to threats. |
| IP Address | A unique identifier assigned to each device on a network, enabling it to communicate with other devices. |
| LLMNR | Link-Local Multicast Name Resolution, an insecure protocol for name resolution in small, local networks. |
| Lateral Movement | A technique used by attackers to move within a network to gain access to additional resources or data. |
| Layer 2 | The data link layer in the OSI model, responsible for node-to-node data transfer and MAC addressing. |
| Leaky Pipe (icon) | An icon representing an insecure hostname request. |
| License Key | A code that grants permission to use Ridgeback in compliance with the terms of a license agreement. |
| License Name | The official name of the license under which Ridgeback is authorized for use. |
| Link | A connection between two endpoints. |
| Link Load | The average number of links per endpoint. |
| MAC Address | A unique identifier assigned to network interfaces for communications at the data link layer (i.e., layer 2). |
| mDNS | Multicast DNS, an insecure protocol allowing devices on the same local network to resolve hostnames to IP addresses. |
| Microsegmentation | Dividing a network into smaller, isolated segments to limit the spread of threats and increase control. |
| Multi-Factor Authentication (MFA) | An authentication method requiring multiple forms of verification to access a system or service. |
| Multicast | A method of data transmission where packets are sent to multiple recipients on a network simultaneously. |
| Nameserver | A server that translates domain names into IP addresses for network routing. |
| Network Access Control (NAC) | Policies and technologies used to regulate access to network resources based on device identity and security. |
| Network Address Translation (NAT) | A method of mapping private IP addresses to a public IP address for devices to communicate outside a local network. |
| Network Graph | A visual diagram showing the relationships and connections between endpoints and devices within a network. |
| Network Hygiene | Regularly maintaining and securing a network to prevent vulnerabilities, ensure compliance, and sustain optimal performance. |
| Network Segment | A defined portion of a network, often isolated to improve security and traffic management. |
| Packet | A small unit of data transmitted over a network, containing both header information and payload data. |
| Phantom | Ridgeback's response to attempts to contact unused addresses. |
| Port | A virtual point for network communication, allowing services and applications to receive specific traffic. |
| PowerShell | A command-line shell and scripting language often used for task automation on Windows systems. |
| Protocol | A set of rules governing data exchange between devices on a network, ensuring compatible communication. |
| Proxmox | An open-source platform for virtualization, supporting virtual machines, containers, and clusters. |
| Rcore | Ridgeback's component used to read and inject network traffic. |
| Recon Threat | An endpoint that has contacted an unused address and has not tried to exchange data. |
| Reconnaissance | The act of scanning or exploring a network or system to identify vulnerabilities and gather intelligence. |
| SQL | Structured Query Language, a standard language for managing and querying relational databases. |
| Script | A sequence of instructions or commands executed to automate tasks on a computer or network. |
| Segmentation | Dividing a network into smaller parts to improve security, performance, and control over traffic. |
| Service | A network or system function that provides specific capabilities, such as file sharing, web hosting, or databases. |
| Service Load | The average number of services per endpoint. |
| Shield (icon) | An icon representing where an endpoint has tried to contact a phantom. |
| Superadmin (account) | A Ridgeback account with administrative privileges for an entire Ridgeback installation. |
| System Security Plan (SSP) | A documented framework outlining security requirements, controls, and practices for a system or network. |
| TCP | Transmission Control Protocol, a reliable communication protocol ensuring ordered and error-checked data delivery. |
| Threat | Within the context of Ridgeback, a threat represents any potential risk, vulnerability, or adversarial path that could compromise the integrity, confidentiality, or availability of network assets. |
| User | An account or individual with access to a network or system, typically with restricted privileges. |
| VLAN | Virtual Local Area Network, a logical subdivision of a network that isolates devices as if on separate networks. |