SmiKar Software

Reading the Evidence Box (Deterministic vs AI)


Every Burrow alert has the same two-part anatomy: deterministic evidence Burrow extracted from Microsoft's audit feed, and an AI narrative that explains the evidence in human terms. Understanding the boundary between the two is the difference between trusting Burrow's output and second-guessing it.

What's deterministic, what's AI

Burrow generates an alert by running rules over per-user counters. Everything in the alert's KEY METRICS table and TOP EVIDENCE section comes directly from those counters — exact counts, exact byte volumes, exact filenames, exact timestamps, exact geographies. None of it is AI-generated.

The WHY THIS MATTERS narrative is AI-written. The AI reads the alert's deterministic evidence plus the user's behavioural baseline and writes 2–4 sentences explaining what's unusual.

Burrow's AI safety check verifies, before the narrative ever reaches your screen, that every number and every name in the narrative appears in the underlying evidence. If the AI introduces a fact that isn't there (a "hallucination"), the narrative is rejected and a plain deterministic template replaces it. So you can trust the numbers — they're either the real ones, or you're reading the template fallback (which is still correct).

Where the AI verdict surfaces. Beyond writing the narrative, the AI also records a YES / NO verdict on whether the alert looks genuine. A NO verdict (visible as the AI · NO badge on the row) now affects more than just whether the alert email was sent — it also files the alert under Dismissed in the Alerts page view, so the default Active queue stays focused on what still needs an operator. Operator override always wins: setting Acknowledged / Investigating / Escalated returns the alert to those tabs.

Anatomy of the drill drawer

Click any alert on the Alerts page. The drill drawer opens with these sections, top to bottom:

Severity badge (Critical / High / Medium / Low / Info), category name (e.g. data_exfiltration_high), the entity's UPN, the time the alert was emitted, and a MITRE ATT&CK technique ID (e.g. T1567.002).

WHY THIS MATTERS

The AI narrative. 2–4 sentences. The job of this section is to save you from reading the raw numbers if the alert is mundane. If you want to verify a specific claim, the deterministic source is right below.

If you ever see a paragraph that reads like a generic "the user did N events of category X" template instead of natural prose, that's the AI safety check fallback — the AI's first attempt was rejected for inventing a fact and the system fell back to a deterministic template. Treat the metrics as authoritative; the prose just lacks flavour.

KEY METRICS

A deterministic table. Typical fields depend on the rule but include some of: total events, distinct files, bytes downloaded, manual vs sync downloads, distinct sites, distinct geographies, distinct IPs, labelled-file count, sharing operations (with external / anonymous / org-link breakdowns), recycle-bin restores, audit-tampering events.

Every number here came straight from Microsoft's audit feed via Burrow's rules engine — no inference, no estimation.

TOP EVIDENCE

A sample of the individual audit events that contributed to the counters. Each row: timestamp (UTC), operation (FileDownloaded, FileDeleted, SharingSet, etc.), file or object name, source IP and geography.

The full event set lives in the activity event store (queryable in Forage) — this section just shows a sample for inline triage.

Click the user's UPN to open the Identity dossier and compare today's behaviour against the user's baseline.

Chat

A persistent free-form Q&A panel scoped to this alert. See Per-alert AI chat.

Disposition buttons

Real / Not real / Maybe. See Dispositions for what each one actually does.

When the deterministic evidence and the narrative disagree

If the narrative says "downloaded 1.2 GB" but the KEY METRICS show 800 MB, trust the metrics. The AI safety check should catch this kind of disagreement before you see it, but if a discrepancy slips through, the deterministic side is always the source of truth.

Raise a support ticket if you see a narrative that mismatches its evidence — that's a safety-check miss the engineering team wants to know about.
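The grounding check described under "What's deterministic, what's AI", and the 1.2 GB vs 800 MB disagreement above, illustrated as an added Python example. This is not Burrow's own code: it assumes a KEY METRICS dict and TOP EVIDENCE rows with constructed sample values, treats numbers (with optional MB/GB units), filenames and IPs as the facts to verify, and falls back to a plain template when any of them is unsupported.

```python
import re

# Constructed sample evidence for one alert (illustrative, not real Burrow output).
KEY_METRICS = {"total_events": 412, "distinct_files": 37,
               "bytes_downloaded": 800 * 1024 ** 2, "distinct_geographies": 2}
TOP_EVIDENCE = [
    {"ts": "2024-05-01T02:14:09Z", "op": "FileDownloaded",
     "name": "Q3-forecast.xlsx", "ip": "203.0.113.7", "geo": "NL"},
    {"ts": "2024-05-01T02:15:41Z", "op": "SharingSet",
     "name": "board-pack.pdf", "ip": "203.0.113.7", "geo": "NL"},
]

# Names are stripped before numbers are scanned so "203.0.113.7" or "Q3-..." do not
# leak digits into the number check. Extension list is an assumption for the demo.
NAME_RE = re.compile(r"\b[\w-]+\.(?:xlsx|docx|pdf|csv|zip)\b|\b(?:\d{1,3}\.){3}\d{1,3}\b")
NUMBER_RE = re.compile(r"\b\d+(?:\.\d+)?(?:\s?(?:MB|GB))?\b")


def allowed_facts(metrics, events):
    """Every number and every name the narrative is permitted to mention."""
    numbers, names = set(), set()
    for key, value in metrics.items():
        numbers.add(str(value))
        if "bytes" in key:  # byte counters may be quoted in MB or GB
            numbers.add(f"{value / 1024 ** 2:g} MB")
            numbers.add(f"{value / 1024 ** 3:.1f} GB")
    for ev in events:
        names.update((ev["name"], ev["ip"]))
    return numbers, names


def safety_check(narrative, metrics, events):
    """Return (text, grounded). An ungrounded narrative is replaced by a template."""
    numbers, names = allowed_facts(metrics, events)
    unsupported = [n for n in NAME_RE.findall(narrative) if n not in names]
    stripped = NAME_RE.sub(" ", narrative)
    unsupported += [n for n in NUMBER_RE.findall(stripped) if n not in numbers]
    if unsupported:
        # Deterministic fallback: every value is read straight from the counters.
        template = (f"The user generated {metrics['total_events']} events across "
                    f"{metrics['distinct_files']} distinct files "
                    f"({metrics['bytes_downloaded'] // 1024 ** 2} MB downloaded).")
        return template, False
    return narrative, True
```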

Need help? support@smikar.com.
