What is a Sighting?

Sightings represent instances where an object is observed in a customer environment. These can be categorized as either actual or virtual:

  • Actual sightings refer to files that are collected directly from an asset, typically via the forwarder or the Swell CLI.
  • Virtual sightings refer to files that Stairwell identifies by unpacking objects collected from client machines.

For example, if an asset contains a zip file with a malicious executable, the zip file is recorded as an actual sighted object, while the executable inside it is recorded as a virtual sighted object from the same asset.

Note: Sighting counts do not equal the asset counts.
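An added illustration of the actual/virtual distinction (not Stairwell's code or data model): a collected zip is recorded as an actual sighting and every file unpacked from it as a virtual sighting on the same asset, which is also why sighting counts and asset counts differ. The asset names, file names, record fields, the `!` path separator and the handling of nested archives are assumptions made for this example.

```python
import hashlib
import io
import zipfile
from collections import Counter

def record_sightings(asset, name, data, kind="actual", depth=0, max_depth=5):
    """Return sighting records for one collected file and everything unpacked from it."""
    rec = {"asset": asset, "name": name, "kind": kind,
           "sha256": hashlib.sha256(data).hexdigest()}
    sightings = [rec]
    # Unpack only real zip containers; cap recursion so nested archives stay bounded.
    if depth < max_depth and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                # Anything found by unpacking is virtual, attributed to the same asset.
                sightings += record_sightings(asset, f"{name}!{info.filename}",
                                              zf.read(info), "virtual",
                                              depth + 1, max_depth)
    return sightings

def make_zip(members):
    """Build an in-memory zip from {filename: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for filename, content in members.items():
            zf.writestr(filename, content)
    return buf.getvalue()

def summarize(sightings):
    """Counts that show sightings, assets and distinct objects are different numbers."""
    return {"sightings": len(sightings),
            "assets": len({s["asset"] for s in sightings}),
            "objects": len({s["sha256"] for s in sightings}),
            "by_kind": dict(Counter(s["kind"] for s in sightings))}

def demo():
    # Constructed placeholder bytes standing in for an executable and a text file.
    payload = b"MZ constructed placeholder bytes, not a real executable"
    inner = make_zip({"tool.exe": payload})
    outer = make_zip({"inner.zip": inner,
                      "readme.txt": b"constructed sample text for this example"})
    # The same archive collected from two hypothetical assets.
    return (record_sightings("host-a", "bundle.zip", outer)
            + record_sightings("host-b", "bundle.zip", outer))

if __name__ == "__main__":
    print(summarize(demo()))
```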