Forum Discussion
Solved
Affected rows stateful anomaly on database vs. Response rows stateful anomaly on database
Is there a difference between the two scheduled rules, "Affected rows stateful anomaly on database" and "Response rows stateful anomaly on database"? I can see that they have different descriptions: ...
Found solution
Hi lfg524,
Yes, there is a difference between the two. "Affected rows stateful anomaly" is meant to detect when data is changed or deleted, while "Response rows stateful anomaly" focuses on detecting when data is accessed, indicating possible data exfiltration. Even though the descriptions suggest different purposes, it's possible the queries are set up the same by mistake. You should verify and adjust the queries to match the intended purpose for each rule.