SynapseEdge Intelligence

Campaign Correlation Engine

Seven weighted detectors automatically link related attacks into unified campaigns — the work SOC analysts do manually, done in microseconds at the edge.

7 Detection Algorithms
<50μs Correlation Latency
100% Local — Zero Cloud
24hr Signal Retention

7 Correlation Detectors
Each detector runs independently, producing a weighted confidence score.

Attack Sequence (weight 50)
Same attack payloads appearing across different source IPs.
CATCHES: Coordinated vulnerability scanning, distributed SQLi/XSS campaigns

Auth Token (weight 45)
Same JWT structure or issuer appearing across multiple IPs.
CATCHES: Credential stuffing, token replay, shared bot infrastructure

HTTP Fingerprint (weight 40)
Different IPs with identical browser fingerprints (JA4H).
CATCHES: IP-rotating bots, residential proxy attacks, same tooling

TLS Fingerprint (weight 35)
Same TLS signature (JA4) across different sessions.
CATCHES: Scanner frameworks, bot toolkits, headless browser farms

Behavioral Similarity (weight 30)
Identical navigation and timing patterns across actors.
CATCHES: Scripted attacks, automated reconnaissance, identical crawl paths

Timing Correlation (weight 25)
Coordinated request timing patterns across IPs.
CATCHES: Botnets, DDoS precursors, synchronized attack waves

Network Proximity (weight 15)
Same ASN or /24 subnet clustering. Lowest weight — supporting evidence, not primary signal.
CATCHES: Hosting provider abuse, VPS farm attacks, related infrastructure

Confidence Thresholds
96+ AUTO-BLOCK: Confirmed campaign — block all associated actors fleet-wide
80–95 CHALLENGE: High confidence — issue progressive challenges via Interrogator
60–79 RATE LIMIT: Medium — apply rate limiting, continue monitoring signals
40–59 MONITOR: Low — log signals for investigation, no enforcement action
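
The sketch below is an added example, not SynapseEdge code: it shows how weighted detectors and the thresholds above could turn shared signals into a campaign and an action. The page does not say how weights combine, so the additive score capped at 100, the link floor of 40, the use of the strongest pairwise link as the campaign score, the field names and the sample records are all assumptions; the Behavioral Similarity and Timing Correlation detectors are left out because they need time-series input.

```python
import ipaddress
from itertools import combinations

# Weights and thresholds as listed on the page (equality-based detectors only).
WEIGHTS = {"attack_sequence": 50, "auth_token": 45, "http_fingerprint": 40,
           "tls_fingerprint": 35, "network_proximity": 15}
ACTIONS = [(96, "AUTO-BLOCK"), (80, "CHALLENGE"), (60, "RATE LIMIT"), (40, "MONITOR")]
FIELDS = {"payload": "attack_sequence", "jwt_iss": "auth_token",
          "ja4h": "http_fingerprint", "ja4": "tls_fingerprint"}

# Constructed sample signals, one record per source IP (documentation ranges).
SIGNALS = {
    "198.51.100.10": {"payload": "p1", "jwt_iss": "iss-a", "ja4h": "h1", "ja4": "t1"},
    "203.0.113.7": {"payload": "p1", "jwt_iss": "iss-a", "ja4h": "h2", "ja4": "t2"},
    "203.0.113.99": {"payload": "p1", "jwt_iss": "iss-a", "ja4h": "h1", "ja4": "t9"},
    "192.0.2.50": {"payload": "p7", "jwt_iss": None, "ja4h": "h5", "ja4": "t1"},
}

def fired(ip_a, ip_b, signals):
    a, b = signals[ip_a], signals[ip_b]
    hits = {det for key, det in FIELDS.items() if a[key] is not None and a[key] == b[key]}
    net = lambda ip: ipaddress.ip_network(f"{ip}/24", strict=False)
    if net(ip_a) == net(ip_b):  # same /24 subnet
        hits.add("network_proximity")
    return hits

def confidence(hits):
    # Assumption: weights of the firing detectors add up, capped at 100.
    return min(100, sum(WEIGHTS[h] for h in hits))

def action(score):
    return next((name for floor, name in ACTIONS if score >= floor), None)

def campaigns(signals, link_at=40):
    # Assumptions: actors link at the MONITOR floor; campaign score = strongest link.
    parent = {ip: ip for ip in signals}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    links = []
    for a, b in combinations(signals, 2):
        score = confidence(fired(a, b, signals))
        if score >= link_at:
            parent[find(a)] = find(b)  # union the two actors
            links.append((a, score))
    groups = {r: [ip for ip in signals if find(ip) == r] for r in dict.fromkeys(map(find, signals))}
    top = lambda g: max(s for a, s in links if find(a) == find(g[0]))
    return [(sorted(g), top(g), action(top(g))) for g in groups.values() if len(g) > 1]
```

In the sample data, a shared payload and JWT issuer alone score 95 (CHALLENGE), and it takes a third signal such as the same /24 to cross 96, while a lone TLS fingerprint match (35) links nothing.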

Signal Intelligence — 4 Categories
Auth Tokens: JWT structure, Issuer pattern, Claims analysis, Rotation timing
Device Fingerprints: Browser profile, Screen + plugins, Canvas hash, JA4H signature
Network Signals: IP + ASN, TLS fingerprint, Geolocation, Subnet clustering
Behavioral Signals: Navigation paths, Request timing, Sequence patterns, Session cadence

Fleet Mode — Cross-Sensor Correlation
SYNAPSE sensors: US-East, EU-West, APAC
Horizon: Correlates signals across all sensors

Cross-Sensor Campaigns: Attacks spanning multiple locations unified into single campaigns
Global Block Lists: Block propagated from one sensor to entire fleet instantly
Unified Actor Profiles: Single view of threat actors across your entire fleet
War Rooms: Real-time incident coordination with full campaign context