Every subsequent API request will be classified as either normal or anomalous, depending on whether or not it is a threat. Additional information is included in the event, such as the part of the API request which is most suspicious, and a score which enables you to see the worst potential threats.