IBM Security Join our 16,000+ members as we work together to overcome the toughest challenges of cybersecurity. Join the Community
Outlier Detection and Active Threats Analytics (ATA) initially learn the normal behavior and activities of your system, and build a representative profile of datasources and users. Once it has a baseline, Guardium analyzes new activities and fires alerts on abnormal activities or suspicious patterns of threats. Some customers have requested a shorter initial learning-period:
To switch from the default mode to the swift mode (AKA “demo” mode), that will change the thresholds and shorten the training period, just run the following API:
set_outliers_detection_demo_mode
Return to the default mode by running: set_outliers_detection_to_factory_settings Run the API on the system where outlier mining runs (or use the remote_source option). More info is available in the InfoCenter.