As a design decision NormShield can produce two kinds of findings; Vulnerability and Alarm.
In simplest term vulnerabilities are produced through web or network vulnerability scanning processes. For example a critical Microsoft weakness MS15-037 is a finding of type vulnerability in NormShield.
The rest of findings are alarms. Intelligence, monitoring, weaknesses through passive analysis, threat analysis are the modules that can produce alarms. For example, a finding that stems from a domain whose registration expiration date is approaching is an alarm.
In simplest term alarms are the anomaly notifications that can mostly classified as non technical vulnerabilities.