Detections
Observable indicators and strategies for identifying adversary behavior.
| Detection ID | Name | Description |
|---|---|---|
| PET0001 | Tailgating at Mantrap | Monitor mantrap logs and video for two persons entering on a single badge read. |
| PET0002 | Forced or Held-Open Door | Alert on forced-door or extended hold-open conditions at controlled perimeter openings. |
| PET0003 | Camera Offline or Coverage Loss | Detect cameras going offline, reporting tamper, or losing expected field of view. |
| PET0004 | Intrusion Sensor Fault or Tamper | Investigate sensor trouble, bypass, or tamper indicators that precede or coincide with movement in protected areas. |
| PET0005 | Anomalous Badge Reuse | Correlate badge reads that violate anti-passback, appear at impossible intervals, or repeat across separated readers. |
| PET0006 | Visitor Overstay or Sign-In Mismatch | Flag visitors who remain signed in beyond expected duration or depart without matching sign-out records. |
| PET0007 | After-Hours Access Event | Review access grants outside defined business hours against approved work orders or escort requirements. |
| PET0008 | Access Outside Authorized Zone | Detect badge use at readers or zones not assigned to the credential holder's role or visit scope. |
| PET0009 | False Alarm Cluster | Identify bursts of nuisance alarms or manual activations without corroborating sensor or video events. |
| PET0010 | Unexpected Intrusion Sensor Alert | Correlate zone alarm activations on intrusion panels with access control and video to identify unauthorized movement in protected areas. |