
Lighthouse AI Traffic Anomalies (Beta version)

Coming soon

Written by Itamar Rotem
Updated yesterday

Lighthouse AI is Faddom’s new deep learning-based engine for detecting unusual traffic behavior and potential security threats. Built on a multi-layered deep learning architecture, Lighthouse continuously learns the characteristics of your environment, surfaces only the most relevant insights, and reduces alert noise over time.

Key coverage areas include security threats such as DoS, man-in-the-middle (MITM) attacks, DNS spoofing, port scanning, and data exfiltration, as well as additional network abnormalities.

To ensure data privacy, the information sent to Lighthouse is abstracted by your Faddom server, which strips identifiable data before processing. While the Lighthouse servers analyze connection patterns and behaviors, they never have access to actual IP addresses, hostnames, or other identifying information about your environment.

Important Note

Lighthouse AI uses deep learning models that continuously improve but may occasionally produce inaccurate results. All alerts should be verified before taking action. As this is a Beta feature, functionality and accuracy will continue to improve over time.

Prerequisites

  • Faddom version 2025.2 or above.

  • The Faddom server must be able to connect to https://lighthouse.faddom.ai, either directly or via an HTTP proxy.

  • Valid Faddom license including the Lighthouse module.

  • At least one data source with 14 days of stable traffic data.

  • At least one notification subscription for Lighthouse to send alerts in real time.
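
A preflight check for the connectivity prerequisite above, as an added example that is not Faddom tooling: it requests the Lighthouse endpoint directly or through an HTTP proxy and separates a rejected certificate (typical of a TLS-inspecting proxy) from a plain network failure. The proxy address is a placeholder, and the check uses Python's default trust store, which may differ from the one the Faddom server uses.

```python
import ssl
import sys
import urllib.error
import urllib.request

# Endpoint named in the prerequisites above.
LIGHTHOUSE_URL = "https://lighthouse.faddom.ai"


def check_reachable(url=LIGHTHOUSE_URL, proxy=None, timeout=10.0):
    """Return (ok, detail) for one request to url.

    ok is True when any HTTP response came back: DNS, TCP and, for https,
    certificate validation all succeeded. proxy is None for a direct
    connection or a URL such as "http://proxy.example:3128" (placeholder).
    """
    # An explicit (possibly empty) mapping overrides http_proxy/https_proxy
    # from the environment, so a "direct" test really is direct.
    proxies = {"http": proxy, "https": proxy} if proxy else {}
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler(proxies),
        urllib.request.HTTPSHandler(context=ssl.create_default_context()),
    )
    try:
        with opener.open(url, timeout=timeout) as resp:
            return True, f"HTTP {resp.status}"
    except urllib.error.HTTPError as exc:
        # The server answered; a 4xx/5xx status still proves the path works.
        return True, f"HTTP {exc.code}"
    except urllib.error.URLError as exc:
        if isinstance(exc.reason, ssl.SSLCertVerificationError):
            # Typical when a proxy re-signs TLS with a CA this host does not trust.
            return False, f"certificate rejected: {exc.reason.verify_message}"
        return False, f"unreachable: {exc.reason}"
    except OSError as exc:  # e.g. a timeout while reading the response
        return False, f"unreachable: {exc}"


if __name__ == "__main__":
    # Usage: python check_lighthouse.py [http://proxy.example:3128]
    proxy_url = sys.argv[1] if len(sys.argv) > 1 else None
    ok, detail = check_reachable(proxy=proxy_url)
    route = f"via {proxy_url}" if proxy_url else "direct"
    print(f"{LIGHTHOUSE_URL} ({route}): {'OK' if ok else 'FAIL'} - {detail}")
    sys.exit(0 if ok else 1)
```

Run it on the Faddom server itself, once without arguments and once with the proxy URL, so the result reflects that host's routing and firewall rules.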

How it Works

Faddom constantly sends traffic data to Lighthouse. The first detection requires a minimum of two weeks of data. If less than two weeks of data is available, Faddom will continue sending data until it has two weeks’ worth. Once two weeks of data has been received, Faddom will continue adding to the data and analyzing it. When new data sources are added or discovery runs, the Lighthouse model will need to relearn your network to accommodate the new data.

When Faddom detects an anomaly, you will receive a notification through your configured notification channels.

Statuses

You will see one of five statuses in the Lighthouse UI depending on the analysis stage of the data:

Initializing - The Faddom server is starting up and determining the current Lighthouse status.

Learning - Faddom is gathering the required data on your environment.

Training - The model is training based on your data.

Up - AI Anomaly Detection is fully functional.

Down - Lighthouse is currently down.

Managing Anomalies and Rules

Lighthouse identifies anomalous network behavior by analyzing both individual connections and broader clusters. For a cleaner experience, clusters of related connections are presented as a single group. This consolidated view makes it easier to understand the full scope of an anomaly and create rules that refine similar traffic patterns all at once.

When reviewing detected anomalies, you can resolve them to help Lighthouse learn your preferences. Resolving an anomaly closes the event and determines how similar anomalies will be handled in the future.

You can mark an anomaly as valid, indicating to Lighthouse that the detection was accurate and that you want to be alerted on similar anomalies going forward. This helps Lighthouse understand your environment better and improve over time.

Alternatively, you can mark anomalies as ones that should be ignored in the future. When doing so, you must provide a reason explaining why the detection should be ignored. This is critical to Lighthouse’s effectiveness - the reason you provide is used to create rules that prevent similar anomalies from being raised again. Well-defined rules are essential for reducing alert noise and improving detection accuracy over time.

Custom exclusion rules give administrators granular control over anomaly detection. These rules are highly flexible, allowing you to exclude specific traffic patterns such as unusual source ports, TTL (Time to Live) anomalies, or DNS-related alerts. You can even set schedules to silence known activity during specific windows. Each rule is fully manageable with a clear history and individual toggles. Creating these rules is as simple as chatting with AI - just describe the specific behavior you want to bypass in natural language, and Lighthouse will generate the rule. Rules can be configured globally within the settings menu or applied directly from any anomaly screen for immediate refinement.


For additional help with Lighthouse AI, contact support@faddom.com.
