---

title: FAQ¶

Frequently Asked Questions¶

How does ecOS differ from a traditional SIEM?
ecOS is endpoint‑first and autonomous: it senses locally, reasons with explainable outputs, and enforces policies with STRIDE. It can complement or, in some settings, reduce reliance on centralized SIEM‑only workflows.

What is SRGL?
A closed‑loop learning framework that continuously proposes, validates, reinforces, and deploys improved detections and policies based on outcomes and feedback.

What’s the role of LTM?
LTM normalizes telemetry, preserves raw context, correlates across time/sources, and stores labels/feedback to improve models.

What is the “Efference Gate”?
A control point that triggers simulation and safe autonomy when confidence/intuition exceed thresholds.

Do I need a GPU?
ecOS emphasizes local, efficient inference. Requirements depend on chosen models/policies. Start with CPU‑only; scale as needed.

How do I validate reported metrics (e.g., FP reduction, TCO)?
Use structured pilots with baselines, shared ground truth, and pre‑agreed KPIs. See the Prospect X case study for the reported context.