Glossary

Vimy uses precise terminology — some from military doctrine, some from cybersecurity frameworks, some unique to the platform. Here's what it all means.

A

Action Manifest

A structured list of response actions planned for a Threat Response Operation. Each action specifies what will be done, to which entity, via which connector. In supervised mode, the manifest awaits human approval before execution.

ATT&CK (MITRE)

A globally recognized knowledge base of adversary tactics, techniques, and procedures. Vimy maps every detection specification to ATT&CK techniques and visualizes coverage on the Fog of War page.

B

Battery

A self-contained security monitoring module that specializes in one layer of your environment. Vimy has 11 batteries: Perimeter, Identity, Infrastructure, Email, Endpoint, Network, SaaS, Data, Supply Chain, Compliance, and Quantum. Named after military artillery batteries — coordinated defensive positions that provide mutual support.

Battle Damage Assessment (BDA)

Automated post-response verification. After Vimy executes a containment action, BDA verifies the threat is neutralized, checks for attacker adaptation, and confirms the response was effective. Don't assume containment worked — prove it.

Blast Radius

The scope of entities affected by a security incident — users, endpoints, servers, applications, and data. Vimy calculates blast radius automatically using the ontology graph.

C

Combined Arms

A military doctrine where multiple unit types attack simultaneously, creating a dilemma the adversary cannot solve. In Vimy, combined arms means multiple batteries respond to a threat simultaneously — the attacker can't evade perimeter, identity, and infrastructure containment at the same time.

Command Center

Vimy's primary dashboard — the daily morning view. Shows active TROs, posture score, battery health, pending approvals, threat timeline, and force multiplier metric. Everything your team needs on one screen.

Connector

An integration between Vimy and an external tool or service. Connectors feed security telemetry into the platform and enable response actions. Vimy has 24 connectors — 3 live (Cloudflare, Google Workspace, Canadian cloud infrastructure) and 21 in development.

Cross-Battery Correlation

Vimy's ability to connect signals from different batteries into unified attack narratives. A phishing email (Email battery) + impossible travel login (Identity battery) + server access (Infrastructure battery) becomes one correlated threat — not three unrelated alerts.

D

Detection Specification

A composable rule that evaluates normalized telemetry against a known attack pattern. Specifications can be combined using AND, OR, and NOT logic. Vimy has 56+ detection specifications across all batteries.
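The following Python is an added example, not code from Vimy, that sketches what the Detection Specification and Cross-Battery Correlation entries describe: specifications composed with AND, OR and NOT, each mapped to an ATT&CK technique, evaluated over normalized telemetry, with hits on the same user from different batteries collapsed into one correlated threat. The event field names, spec names, technique ids, the impossible-travel and correlation windows, and the sample events are all assumptions constructed for illustration; they are not Vimy's schema or rules.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed sample telemetry in a flat, OCSF-like shape. Field names are
# illustrative and are not an exact OCSF class layout.
EVENTS = [
    {"battery": "Email", "kind": "email", "time": 100, "user": "alice", "verdict": "phishing"},
    {"battery": "Identity", "kind": "auth", "time": 160, "user": "alice", "ok": True, "country": "CA"},
    {"battery": "Identity", "kind": "auth", "time": 190, "user": "alice", "ok": True, "country": "BR"},
    {"battery": "Infrastructure", "kind": "ssh", "time": 230, "user": "alice", "host": "db-01"},
    {"battery": "Identity", "kind": "auth", "time": 300, "user": "bob", "ok": True, "country": "CA"},
    {"battery": "Infrastructure", "kind": "ssh", "time": 320, "user": "svc-backup", "host": "db-01"},
]

# A matcher sees the event plus the same user's earlier events, so stateful
# checks such as impossible travel fit the same composable shape.
Matcher = Callable[[dict, list], bool]


@dataclass(frozen=True)
class Spec:
    name: str
    technique: str  # ATT&CK technique id the spec maps to (assumed values below)
    match: Matcher

    def __and__(self, other: "Spec") -> "Spec":
        return Spec(f"({self.name} AND {other.name})", self.technique,
                    lambda e, h: self.match(e, h) and other.match(e, h))

    def __or__(self, other: "Spec") -> "Spec":
        return Spec(f"({self.name} OR {other.name})", self.technique,
                    lambda e, h: self.match(e, h) or other.match(e, h))

    def __invert__(self) -> "Spec":
        return Spec(f"NOT {self.name}", self.technique,
                    lambda e, h: not self.match(e, h))


def impossible_travel(e: dict, history: list, window: int = 3600) -> bool:
    """Successful login from a different country than the user's previous
    successful login, less than `window` seconds earlier (assumed window)."""
    if e["kind"] != "auth" or not e.get("ok"):
        return False
    prior = [p for p in history if p["kind"] == "auth" and p.get("ok")]
    return bool(prior) and prior[-1]["country"] != e["country"] and e["time"] - prior[-1]["time"] < window


PHISHING = Spec("phishing_delivered", "T1566", lambda e, h: e["kind"] == "email" and e.get("verdict") == "phishing")
IMPOSSIBLE_TRAVEL = Spec("impossible_travel", "T1078", impossible_travel)
SSH_SESSION = Spec("ssh_session", "T1021.004", lambda e, h: e["kind"] == "ssh")
CROWN_JEWEL = Spec("crown_jewel_host", "T1021.004", lambda e, h: e.get("host") in {"db-01"})
SERVICE_ACCOUNT = Spec("service_account", "", lambda e, h: e["user"].startswith("svc-"))

# AND / NOT composition: a human (non-service) account opening a session on a crown-jewel host.
SENSITIVE_ACCESS = SSH_SESSION & CROWN_JEWEL & ~SERVICE_ACCOUNT
SPECS = [PHISHING, IMPOSSIBLE_TRAVEL, SENSITIVE_ACCESS]


def run_specs(events: list, specs: list) -> list:
    """Evaluate every spec against every event in time order; return the hits."""
    hits, seen = [], {}
    for e in sorted(events, key=lambda x: x["time"]):
        history = seen.setdefault(e["user"], [])
        for s in specs:
            if s.match(e, history):
                hits.append({"spec": s.name, "technique": s.technique, "battery": e["battery"],
                             "user": e["user"], "time": e["time"]})
        history.append(e)
    return hits


def correlate(hits: list, window: int = 600) -> list:
    """Cross-battery correlation: hits on one user from two or more batteries,
    all within `window` seconds of each other, become one threat, not N alerts."""
    by_user: dict = {}
    for h in hits:
        by_user.setdefault(h["user"], []).append(h)
    threats = []
    for user, user_hits in by_user.items():
        user_hits.sort(key=lambda h: h["time"])
        if user_hits[-1]["time"] - user_hits[0]["time"] > window:
            continue
        batteries = sorted({h["battery"] for h in user_hits})
        if len(batteries) >= 2:
            threats.append({"user": user, "batteries": batteries,
                            "techniques": sorted({h["technique"] for h in user_hits}),
                            "timeline": [(h["time"], h["battery"], h["spec"]) for h in user_hits]})
    return threats


if __name__ == "__main__":
    for t in correlate(run_specs(EVENTS, SPECS)):
        print(t)
```

Bob's single login and the backup service account's session on db-01 produce no hits, and alice's three hits from three batteries become one threat carrying all three technique ids, which is the input a single TRO would be opened on.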

Drift Detection

Continuous monitoring for security configuration changes that weaken your posture — MFA disabled, firewall rules loosened, WAF rulesets turned off. Vimy detects drift in real time and alerts on the weakening change itself, so it can be reverted before the weakened configuration is exploited.
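As an added example that is not Vimy's code, the Python below compares a known-good posture snapshot with the current one and reports only the changes that weaken posture, covering the three cases named above (MFA disabled, firewall source ranges loosened, WAF ruleset turned off). The setting keys, severities and both snapshots are constructed assumptions, not Vimy's schema; CIDR loosening is decided with the standard library's ipaddress module.

```python
import ipaddress

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "review": 3}

# Constructed posture snapshots. Keys are illustrative, not Vimy's real schema.
BASELINE = {
    "identity.mfa_enforced": True,
    "perimeter.waf.managed_ruleset": "on",
    "perimeter.firewall.ssh_allowed_from": ["10.0.0.0/8", "192.168.1.0/24"],
    "cloud.storage.public_access": False,
    "cloud.logging.retention_days": 30,
}
CURRENT = {
    "identity.mfa_enforced": False,                        # weakened
    "perimeter.waf.managed_ruleset": "off",                # weakened
    "perimeter.firewall.ssh_allowed_from": ["0.0.0.0/0"],  # weakened: source range broadened
    "cloud.storage.public_access": False,                  # unchanged
    "cloud.logging.retention_days": 90,                    # strengthened, so not drift
}


def _cidrs_broadened(old: list, new: list) -> bool:
    """True when some allowed source in `new` is not contained in any source in `old`."""
    old_nets = [ipaddress.ip_network(c) for c in old]
    for cidr in new:
        n = ipaddress.ip_network(cidr)
        if not any(o.version == n.version and n.subnet_of(o) for o in old_nets):
            return True
    return False


# Per-setting rule: (severity, predicate(old, new)) where the predicate is True
# only when the change weakens posture. Changes in the other direction are ignored.
WEAKENING_RULES = {
    "identity.mfa_enforced": ("critical", lambda o, n: o is True and n is False),
    "perimeter.waf.managed_ruleset": ("high", lambda o, n: o == "on" and n == "off"),
    "perimeter.firewall.ssh_allowed_from": ("high", _cidrs_broadened),
    "cloud.storage.public_access": ("critical", lambda o, n: o is False and n is True),
    "cloud.logging.retention_days": ("medium", lambda o, n: n < o),
}


def detect_drift(baseline: dict, current: dict, rules: dict = WEAKENING_RULES) -> list:
    """Return weakening changes, most severe first. A setting absent from either
    snapshot cannot be judged, so it is surfaced for review rather than dropped."""
    findings = []
    for key, (severity, weakens) in rules.items():
        if key not in baseline or key not in current:
            findings.append({"key": key, "severity": "review", "from": baseline.get(key),
                             "to": current.get(key), "reason": "setting absent from one snapshot"})
            continue
        old, new = baseline[key], current[key]
        if old != new and weakens(old, new):
            findings.append({"key": key, "severity": severity, "from": old, "to": new,
                             "reason": "weakened"})
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f["severity"]], f["key"]))


if __name__ == "__main__":
    for f in detect_drift(BASELINE, CURRENT):
        print(f["severity"], f["key"], f["from"], "->", f["to"])
```

Raising retention from 30 to 90 days changes the configuration but not in a weakening direction, so it is not reported; a ruleset of this shape is what keeps drift alerts from becoming change-notification noise.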

E

Evidence Chain

The complete trail of evidence attached to a TRO — raw events, normalized data, entity relationships, detection rules, AI triage results, response actions, and verification results. Serves as both forensic record and compliance evidence.

F

Fog of War

A military concept describing uncertainty about the battlefield. In Vimy, the Fog of War page shows your MITRE ATT&CK coverage — which techniques you detect, partially cover, or don't cover at all. Reducing the fog means connecting more batteries and connectors.

Force Multiplier

A metric showing how much Vimy amplifies your team's effectiveness. Calculated from detection coverage, response speed, and automation level. A 4× force multiplier means your team operates as if it were 4× larger.

K

Kill Chain

The sequence of stages an attacker moves through, as modeled by the Lockheed Martin Cyber Kill Chain: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. Vimy's detection specifications target multiple stages, and cross-battery correlation disrupts the chain at multiple points simultaneously.

L

LLM (AI Engine)

The large language model powering Vimy's AI capabilities — triage, narrative generation, and natural language investigation. Runs on Canadian GPUs, so your data never leaves Canada for AI processing.

M

Mutual Support

A military doctrine where defensive positions protect each other's blind spots. In Vimy, batteries provide mutual support — Identity covers Infrastructure's credential gap, Perimeter covers Email's phishing exposure. No battery operates alone.

N

Narrative

A plain-English summary generated by AI for every TRO. Vimy produces three narrative types: Technical Timeline (for SOC analysts), Business Impact Summary (for leadership), and Compliance Artifact (for auditors). One incident, three audiences, zero manual writing.

O

OCSF (Open Cybersecurity Schema Framework)

An industry-standard event schema used by AWS, Splunk, and CrowdStrike. Vimy normalizes all telemetry to OCSF — making events structured, queryable, and portable. No proprietary formats, no vendor lock-in.

OODA Loop

Observe-Orient-Decide-Act — a military decision cycle. Vimy aims for OODA superiority: cycling through the loop faster than the adversary. Automated detection (observe), AI triage (orient), response planning (decide), autonomous execution (act) — all in minutes.

Ontology Graph

A knowledge graph (powered by ArangoDB) that maps every entity in your environment — users, endpoints, applications, IP addresses, cloud resources — and their relationships. Provides the context that makes AI triage accurate and blast radius calculation possible.
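The following Python is an added example, not Vimy's code, showing how a blast radius (see the Blast Radius entry) falls out of an ontology graph: a breadth-first walk from the compromised entity over the relations an attacker could actually traverse, bounded by a hop limit, returning each affected entity with the path that reaches it. The entity ids, relation names, the set of relations treated as reachability, and the hop limit are assumptions constructed for illustration; Vimy's real schema and ArangoDB queries are not shown here.

```python
from collections import deque

# Constructed ontology edges as (source, relation, target). Ids and relation
# names are illustrative, not Vimy's schema.
EDGES = [
    ("user:alice", "has_session_on", "endpoint:laptop-17"),
    ("user:alice", "member_of", "group:finance"),
    ("group:finance", "can_access", "app:payroll"),
    ("endpoint:laptop-17", "connected_to", "server:db-01"),
    ("server:db-01", "hosts", "data:salary-records"),
    ("app:payroll", "reads", "data:salary-records"),
    ("server:db-01", "managed_by", "user:carol"),
    ("user:bob", "has_session_on", "endpoint:laptop-22"),
    ("endpoint:laptop-22", "connected_to", "server:web-01"),
]

# Only relations an attacker can move through count toward blast radius.
# "managed_by" is ownership metadata: carol is context for the narrative, not an affected entity.
REACH_RELATIONS = {"has_session_on", "member_of", "can_access", "connected_to", "hosts", "reads"}


def blast_radius(seed: str, edges: list, max_hops: int = 3, follow: set = REACH_RELATIONS) -> dict:
    """BFS from `seed` over `follow` relations, at most `max_hops` deep.
    Returns hop counts, the shortest path to each entity, and counts by entity type."""
    adjacency: dict = {}
    for src, rel, dst in edges:
        if rel in follow:
            adjacency.setdefault(src, []).append(dst)

    hops = {seed: 0}
    path = {seed: [seed]}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        if hops[node] >= max_hops:
            continue  # hop limit keeps a well-connected graph from swallowing everything
        for nxt in adjacency.get(node, []):
            if nxt in hops:
                continue  # first visit is the shortest path in an unweighted graph
            hops[nxt] = hops[node] + 1
            path[nxt] = path[node] + [nxt]
            queue.append(nxt)

    affected = {n: h for n, h in hops.items() if n != seed}
    by_type: dict = {}
    for n in affected:
        entity_type = n.split(":", 1)[0]
        by_type[entity_type] = by_type.get(entity_type, 0) + 1
    return {"seed": seed, "hops": affected, "path": {n: path[n] for n in affected}, "by_type": by_type}


if __name__ == "__main__":
    r = blast_radius("user:alice", EDGES)
    for entity, h in sorted(r["hops"].items(), key=lambda kv: kv[1]):
        print(h, entity, " -> ".join(r["path"][entity]))
```

With alice compromised the walk reaches her endpoint, her group, the database server, the payroll app and the salary records; bob's endpoint and web-01 are untouched, and carol appears only as the server's owner. The path recorded for each entity is what an analyst needs in the narrative, and the hop limit is the knob that separates "could eventually reach" from "is in scope for containment".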

P

Posture Score

A unified security score from 0 to 100 calculated from identity posture, perimeter posture, cloud security, and hardening checks. Updates in real time as your environment changes. The single number that answers 'are we secure?'

R

Rules of Engagement (ROE)

Configuration settings that define what Vimy is allowed to do autonomously. Each response action type (IP blocking, session revocation, account suspension, firewall rules, server isolation) requires explicit permission before it's available. You control the rules — Vimy operates within them.

S

Semi-Auto Response

Vimy's recommended response mode. Known threats with high AI confidence are contained automatically. Ambiguous or novel threats are queued for human approval. Every action is reversible. The right balance of speed and human judgment.
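As an added example, not Vimy's code, the Python below turns the Rules of Engagement, the Action Manifest and the Semi-Auto Response entries into one decision gate: each proposed action is first checked against the ROE (an action type that is not permitted is recorded as blocked rather than silently dropped), then marked for immediate execution or queued for human approval depending on the mode and on whether the threat is known and scored with high confidence. The mode names, the confidence threshold, the status labels, the connector names and the sample plan are assumptions for illustration.

```python
from dataclasses import dataclass, replace

# Response action types as listed under Rules of Engagement.
ACTION_TYPES = {"ip_block", "session_revoke", "account_suspend", "firewall_rule", "server_isolate"}
MODES = {"supervised", "semi-auto", "autonomous"}  # assumed mode names


@dataclass(frozen=True)
class RulesOfEngagement:
    permitted: frozenset          # action types Vimy may execute at all
    mode: str = "semi-auto"
    auto_confidence: float = 0.9  # assumed threshold for unattended execution in semi-auto


@dataclass(frozen=True)
class Action:
    kind: str        # one of ACTION_TYPES
    target: str      # entity the action applies to
    connector: str   # connector that carries it out
    status: str = "planned"


def build_manifest(proposed: list, roe: RulesOfEngagement, confidence: float, known_threat: bool) -> list:
    """Return the action manifest with every action's status decided by the ROE and mode.
    Blocked actions stay in the manifest so the evidence chain shows what was not attempted."""
    if roe.mode not in MODES:
        raise ValueError(f"unknown mode {roe.mode!r}")
    manifest = []
    for action in proposed:
        if action.kind not in ACTION_TYPES:
            raise ValueError(f"unknown action type {action.kind!r}")
        if action.kind not in roe.permitted:
            status = "blocked_by_roe"
        elif roe.mode == "autonomous":
            status = "execute"
        elif roe.mode == "semi-auto" and known_threat and confidence >= roe.auto_confidence:
            status = "execute"  # known threat, high confidence: contain without waiting
        else:
            status = "awaiting_approval"  # supervised mode, or ambiguous / novel in semi-auto
        manifest.append(replace(action, status=status))
    return manifest


def needs_human(manifest: list) -> bool:
    return any(a.status == "awaiting_approval" for a in manifest)


if __name__ == "__main__":
    roe = RulesOfEngagement(permitted=frozenset({"ip_block", "session_revoke"}))
    plan = [Action("ip_block", "203.0.113.7", "cloudflare"),
            Action("session_revoke", "alice", "google_workspace"),
            Action("server_isolate", "db-01", "infrastructure")]
    for a in build_manifest(plan, roe, confidence=0.95, known_threat=True):
        print(a.status, a.kind, a.target, "via", a.connector)
```

The same plan yields three different manifests: with a known, high-confidence threat the two permitted actions execute and the unpermitted isolation is blocked; with a novel threat the permitted actions queue for approval; in supervised mode everything permitted queues regardless of confidence. The ROE check runs before the mode check, so no configuration can execute an action type the operator never enabled.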

T

TRO (Threat Response Operation)

The core object in Vimy. When a threat is detected, a TRO is created with a full lifecycle: Detected → Triaged → Response Planned → Awaiting Approval → Executing → Completed → BDA Verifying → Narrative Generated → Closed. Every TRO includes an evidence chain, entity graph, action manifest, and AI-generated narrative.

Trust Center

A public-facing page that shows your security posture to customers and prospects. Configurable — you choose which sections are visible. Available on Bastion and Citadel plans.

V

Vimy Ridge

A World War I battle (April 1917) where four Canadian divisions fought together for the first time — achieving through combined arms coordination what larger forces had failed to accomplish in three years. Vimy is named for this doctrine: coordinated, multi-layer defense that succeeds where isolated approaches fail.

W

Watcher Agent

Vimy's lightweight Go binary deployed on servers. Runs in user space and loads no kernel module or driver. Observes authentication events, process execution, file integrity, network connections, resource utilization, and cryptographic inventory. Reports to the platform — never executes response actions.