Detection Threshold
Lower threshold = more alerts (higher recall, more FPs) | Higher threshold = fewer alerts (lower recall, fewer FPs)
True Positive Rate
0%
Recall / Sensitivity
False Positive Rate
0%
Type I Error
Precision
0%
TP / (TP + FP)
F1 Score
0.00
Harmonic mean
ROC Curve (Receiver Operating Characteristic)
Confusion Matrix
Predicted Positive
Predicted Negative
Actual Positive
True Positive
0
0%
False Negative
0
0%
Actual Negative
False Positive
0
0%
True Negative
0
0%
Understanding the Tradeoff: The ROC curve shows all possible threshold settings. The current threshold is marked in red. Moving left on the curve (lower threshold) catches more threats but increases false alarms. Moving right (higher threshold) reduces noise but misses real threats. Ideal threshold depends on your operational context: high-security environments tolerate more FPs, while high-volume SOCs need fewer alerts.