ContraForce Data Connector Anomaly Detection

Within the Global Command page, ContraForce helps detect configuration drift by detecting anomalies for integrated data connectors. The article will provide an overview on how the anomalies are detected.


The Global Command page is the hub of managing incidents for multiple tenants. In addition to incident triage, ContraForce helps operators manage data connectors for multiple tenants. One of the most important aspects of managing data connectors is detecting anomalies. 

What qualifies as an anomaly? 

A data connector anomaly can manifest in multiple ways. An anomaly could be a surge of data, a sudden drop in data, or maybe no data at all. This can be particularly concerning when a data connector shows a status of "connected" but no data is being sent. The Data Connector Anomalies card helps bring attention to these potential issues with data connectors. 

How are anomalies detected?

Each data connector API has criteria within it to help detect issues with data flow into ContraForce. When the criteria fails, the card will populate with an anomaly. Each anomaly will contain the name of the associated child tenant as well as the data source. Clicking the tenant name will open the Data Connector library for the child tenant. From here the configuration of the data connector can be managed through the "Configure" button. 


Additionally the Data Connectors library can be accessed for a specific child tenant through the Workspaces page. 



If you have any questions about the Data Connector Anomalies card, please contact the ContraForce Support team at We are happy to help!