Under Review

Explicitly mention "Threat Graph does not create cases for ML PUA detections" in the Threat Graph KBAs

The KBAs for Threat Graphs and Threat Graph analysis both fail to mention the core limitation that ML PUA events do not generate threat cases.

https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/ThreatGraphs/index.html
https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/ThreatGraphs/ThreatAnalysisDetails/index.html

^These pages should BOTH include the caveat mentioned in the "Sophos Intercept X: ML detections explained" KBA that notes:
https://support.sophos.com/support/s/article/KB-000036922?language=en_US


"Note: ML PUA detections don’t create Threat Graphs. However, you can use the Threat Hunting query under Live Discover to search your devices for the reported file name or SHA-256."


It took me waaaaaay too long googling the issue to find out that ML PUA detections not making threat cases is expected and not a bug. Please update the feature documentation to include this limitation for deep learning PUA detections.

Many thanks,

Michael