Imagine submitting a file to a specific ML model for a signature-less and quick "Yes/No" about if it is malicious or not. Then if it comes back as malicious the response includes a list - in chronological order - of where the file has been seen before. Though most of those results will already be detected/mitigated from an agent of the same ML model installed on them, you would be able see the first time the file arrived and investigate possible propagation. #SoCo