This option helps to set Machine Learning for machine learning activity. You can add these jobs as dashlets under Machine Learning –> Security / Operations. Correlation Settings has been added in Machine Learning to know about the new activities that are occuring in an enterprise. The purpose of the rule is to know the applications that are being used by various users and to be alerted when a new application is detected in the enterprise. The Top 5 activities are displayed for last 1 day except the Logon failure activity which is shown for last 7days.
1 To set Machine Learning Jobs, click the Admin, and then click Machine Learning Jobs. EventTracker displays the Machine Learning Jobs page with pre-defined jobs.
|
2 NOTE |
|
A job is a set of rules based on which new activities and Anomalies are identified in an Environment. |
|
Field |
Description |
|
Job Name |
Name of the Job. |
|
Influencers |
Based on this configuration, EventTracker displays the influencer details on the Machine Learning page. |
|
Field/split data |
Name of the custom column. |
|
Active |
Clear this checkbox to inactivate the Machine Learning Jobs (Dashlet). |
|
Delete |
To delete a Job Name |
|
Activation/Deactivation Time |
Displays the time of activation or deactivation |
This option helps to add Machine Learning Jobs.
1. To add Machine Learning Jobs in Machine Learning Jobs page, click Add Jobs.
EventTracker displays the Job Management page.
|
‘Threshold settings’ fields |
Description |
|
Learning settings |
Learn by duration period (in minutes). The Machine Learning of custom job will be monitored for the set learning period and a threshold value will be benchmarked. |
|
Job Settings |
The Job check can be done with With global value/With custom value/Never. Perform Never: Job check will not be performed. With global value: The Job check will be performed based on the global Machine Learning settings. With custom value: The Job check will be performed according to the Job check settings provided in the Machine Learning job. |
|
Bucket Span |
The custom job will be evaluated every ‘N’ minute to analyze the activities. The custom rule will be monitored for the duration specified in this field for the respective frequency. |
|
Variation |
The variation percentage can be added manually to decide the anomalous activities. |
2. In the Matching Rule field, provide a name for the new Jobs.
Ex: Audit Success.
3. Click the Add button to add event details.
EventTracker displays the Event Configuration dialog box.
4. Enter appropriate details in the respective fields, and then click Add.
The newly created event rule gets listed on Matching Rule tab.
5. Click the Extraction Rule tab.
|
2 NOTE |
|
You can select processing rule from a custom list or you can configure it on your own. You can also consider the combination of Influencer and Extraction rule as activity name by selecting the check box as highlighted in the figure above.
|
6. Select the Extraction rule from Available list or using Add new button.
Available list – It is a pre-defined rule set.
a. Select the checkbox to add a Token-value as Extraction rule, and then click the OK button.
These Token-values are extracted from ‘Event Description’.
(OR)
Select an appropriate option from the Standard column drop-down list.
These column names are extracted from ‘Event Properties’.
EventTracker adds the Extraction rule.
7. Click the Add button.
EventTracker displays the required fields for you to enter.
Enter appropriate data in the relevant fields, and then click the Add button.
8. Add Influencer column details.
These fields are mandatory. Click Save.
9. EventTracker displays the Machine Learning Jobs page with newly added job(s).
1. Click Machine Learning; select the Customize option from the drop-down list. Available Dashlets dialog box displays the newly added Machine Learning Jobs as a dashlet
2. Check the newly created Machine Learning Jobs option, and then click Add.
EventTracker displays the dashlet on the Machine Learning dashboard.
3. Click a donut on the chart or a legend to view non-admin user activity details.
EventTracker displays the “Model Explorer” page.