Outlier Detection and Active Threats Analytics (ATA) initially learn the normal behavior and activities of your system, and build a representative profile of datasources and users. Once it has a baseline, Guardium analyzes new activities and fires alerts on abnormal activities or suspicious patterns of threats. Some customers have requested a shorter initial learning-period:

• To learn the process flow
• For testing purposes in the QA / Production environment. For example, to test creating a ticket in ServiceNow
• For demo purposes
• To quickly get the initial RiskSpotter results, and build the related company processes around the findings.

To switch from the default mode to the swift mode (AKA “demo” mode), that will change the thresholds and shorten the training period, just run the following API:

           set_outliers_detection_demo_mode    

Return to the default mode by running: set_outliers_detection_to_factory_settings  Run the API on the system where outlier mining runs (or use the remote_source option). 

More info is available in the InfoCenter.