In the Users field of certain protocols such as Database and Storage, the usernames Anonymous and Unknown may appear. These usernames are described below.
Anonymous - This means that the login was encrypted, so the ExtraHop could not get the username. This can be overcome by loading the server certificate into the ExtraHop.
Unknown - This means that the ExtraHop missed the login, most likely because of desyncs.
Also of note, there is a Username of Pre-Login - which is ExtraHop counting login type messages before it has seen the username packet. For more information on this, please see the article on The Pre-Login User.