Outlier Detection and Active Threats Analytics (ATA) initially learn the normal behavior and activities of your system, and build a representative profile of datasources and users. Once it has a baseline, Guardium analyzes new activities and fires alerts on abnormal activities or suspicious patterns of threats. Some customers have requested a shorter initial learning-period:
To switch from the default mode to the swift mode (AKA “demo” mode), that will change the thresholds and shorten the training period, just run the following API:
Return to the default mode by running: set_outliers_detection_to_factory_settings Run the API on the system where outlier mining runs (or use the remote_source option). More info is available in the InfoCenter.