IBM Security Guardium

Accelerating the Analysis of Active Threat Analytics

By ODED SOFER posted Fri March 20, 2020 02:43 AM



Outlier Detection and Active Threat Analytics (ATA) first learn the normal behavior and activities of your system and build a representative profile of datasources and users. Once that baseline exists, Guardium analyzes new activities and fires alerts on abnormal activities or suspicious threat patterns. Some customers have requested a shorter initial learning period:

  • To learn the process flow.
  • For testing in the QA / Production environment, for example to test creating a ticket in ServiceNow.
  • For demo purposes.
  • To quickly get the initial RiskSpotter results and build the related company processes around the findings.

To switch from the default mode to the swift mode (AKA “demo” mode), which changes the thresholds and shortens the training period, run the following API:


Return to the default mode by running set_outliers_detection_to_factory_settings. Run either API on the system where outlier mining runs, or use the remote_source option.

More info is available in the InfoCenter.