Anomalies are deviations from a normal pattern in one or more parameters that signal unexpected behavior. Anomalies are not, by definition, good or malicious. They are simply unexpected reactions.

An anomaly could be an abnormally high number of users logging in as well an unusually low number. If bandwidth use spikes suddenly beyond what would be expected for the specific time of day, for example, an anomaly would be generated by Anodot and the administrator would likely attempt to investigate the root of this occurrence, perhaps because of a DDOS attack.

An alert is a warning that a specific event (or series of events) has occurred, which is then sent to responsible parties for the purpose of spawning action. A typical enterprise SOC (security operations center) sees thousands if not millions of alerts a day, a fraction of alert to real threats. All alerts that are sent due to benign causes are referred to as false positives.