# Detection Categories

Detection categories are similar to flow tags. They group, or ‘categorize’, detection models so that rules based on those categories can then be crafted.

## System <a href="#system" id="system"></a>

The system categories are based on the [MITRE ATT&CK®](https://attack.mitre.org/) framework.

| Short name    | Long name                                    |
| ------------- | -------------------------------------------- |
| configuration | Neto\_configuration                          |
| iprep         | IP Reputation Based                          |
| p2p           | Peer To Peer                                 |
| policy        | Policy                                       |
| rate          | Rate Based                                   |
| security      | Security                                     |
| t1001         | T1001 Data Obfuscation                       |
| t1007         | T1007 System Service Discovery               |
| t1008         | T1008 Fallback Channels                      |
| t1011         | T1011 Exfiltration Over Other Network Medium |
| t1016         | T1016 System Network Configuration Discovery |
| t1018         | T1018 Remote System Discovery                |
| t1020         | T1020 Automated Exfiltration                 |
| t1021         | T1021 Remote Services                        |
| t1033         | T1033 System Owner or User Discovery         |
| t1040         | T1040 Network Sniffing                       |
| t1041         | T1041 Exfiltration Over C2 Channel           |
| t1043         | T1043 Commonly Used Port                     |
| t1046         | T1046 Network Service Scanning               |
| t1048         | T1048 Exfiltration Over Alternative Protocol |
| t1049         | T1049 System Network Connections Discovery   |
| t1082         | T1082 System Information Discovery           |
| t1083         | T1083 File and Directory Discovery           |
| t1090         | T1090 Proxy                                  |
| t1095         | T1095 Non-Application Layer Protocol         |
| t1102         | T1102 Web Service                            |
| t1110         | T1110 Brute Force                            |
| t1119         | T1119 Automated Collection                   |
| t1124         | T1124 System Time Discovery                  |
| t1133         | T1133 External Remote Services               |
| t1135         | T1135 Network Share Discovery                |
| t1136         | T1136 Create Account                         |
| t1189         | T1189 Drive-by Compromise                    |
| t1204         | T1204 User Execution                         |
| t1205         | T1205 Traffic Signaling                      |
| t1207         | T1207 Rogue Domain Controller                |
| t1219         | T1219 Remote Access Software                 |
| t1482         | T1482 Domain Trust Discovery                 |
| t1498         | T1498 Network Denial of Service              |
| t1499         | T1499 Endpoint Denial of Service             |
| t1518         | T1518 Software Discovery                     |
| t1526         | T1526 Cloud Service Discovery                |
| t1534         | T1534 Internal Spearphishing                 |
| t1535         | T1535 Unused Unsupported Cloud Regions       |
| t1537         | T1537 Transfer Data to Cloud Account         |
| t1538         | T1538 Cloud Service Dashboard                |
| t1557         | T1557 Adversary-in-the-Middle                |
| t1562         | T1562 Impair Defenses                        |
| t1563         | T1563 Remote Service Session Hijacking       |
| t1566         | T1566 Phishing                               |
| t1567         | T1567 Exfiltration Over Web Service          |
| t1568         | T1568 Dynamic Resolution                     |
| t1571         | T1571 Non-Standard Port                      |
| t1572         | T1572 Protocol Tunneling                     |
| t1573         | T1573 Encrypted Channel                      |
| t1578         | T1578 Modify Cloud Compute Infrastructure    |
| t1580         | T1580 Cloud Infrastructure Discovery         |
| t1583         | T1583 Acquire Infrastructure                 |
| t1584         | T1584 Compromise Infrastructure              |
| t1585.001     | T1585.001 Social Media Accounts              |
| t1589         | T1589 Gather Victim Identity Information     |
| t1590         | T1590 Gather Victim Network Information      |
| t1592         | T1592 Gather Victim Host Information         |
| t1595         | T1595 Active Scanning                        |
| t1598         | T1598 Phishing for Information               |
| t1599         | T1599 Network Boundary Bridging              |
| t1602         | T1602 Data from Configuration Repository     |
| t1614         | T1614 System Location Discovery              |
| t1619         | T1619 Cloud Storage Object Discovery         |
| ta0011        | TA0011 Command and Control                   |

## Custom <a href="#custom" id="custom"></a>

In addition to the system default categories, custom detection categories can be configured in Netography Fusion. To create a custom category in the portal, go to **Settings > Detection Categories**, then on the main Detection Categories menu, click **ADD/UPDATE CATEGORY**.

Enter your own category and description, then click **SAVE** at the bottom of the window.

