Configuring External Risks Observer jobs
You configure a number of External Risk Observer jobs to load data that helps you to determine if your infrastructure is at risk, for example from adverse weather conditions or wildfires.
Before you begin
Ensure you have any required API key and security details to hand, such as user names, passwords, and truststore details, before defining the jobs.
The External Risks Observer is
supported by the GIS (Geographic Information System) capabilities
in IBM Cloud Pak for AIOps. To gain insights from the
external risks data the existing resources need
geolocation data defined. See Resource
mapping and Viewing resources on a
map for more information on configuring geospatial mapping.
Obtaining API connectivity: The observer jobs
extract data through a number of external risk monitoring systems,
such as the Weather Company's Alert APIs, NASA’s MODIS and FIRMS,
and NOAA's Hazard Mapping System, and load appropriate resources
with defined geolocation data. Before you set up these
jobs, you must obtain API keys from these external systems, which
may involve registration or a subscription. See the following sites
for more information:
Enabling access to the URL routes: To access the URL routes for the topology Swagger documentation, see the Enabling access to URL routes topic.
Encryption requirement: See the Configuring observer jobs security topic for more information.
NASA FIRMS disclaimer
The NASA FIRMS 'Country' API is currently unavailable, so the 'Area' API is being used instead. This is a temporary switch and once the Country API becomes available, the Observer will automatically switch back.
About this task
The observer jobs extract data from external risk monitoring systems, and load appropriate resources with defined geolocation data and state. You can then view these resources on a map using the `Proximity mode' feature to determine which existing resources are at risk (for an illustration, see the NASA FIRMS example.)
You define and start the following jobs.
Define NASA-FIRMS jobs
Define or edit the following parameters as appropriate to the job type selected, then click Run job to save and run the job.
| Parameter | Action | Details |
|---|---|---|
| Unique ID | Enter a unique name for the job | Required |
| Map key | Enter the API key for authenticating with the NASA Fire Information for Resource Management System APIs | Required |
| Country | Specify a country as the bounding box for the fires to read into the topology service. | Required |
| Satellite | Select one or more satellites to access fire data | Required |
| Fire Radiative Power | Enter a FRP value to exclude fires that have lower radiative
power. FRP depicts the pixel-integrated fire radiative power in
Megawatts (MW), and the default value is 10.0. |
Required |
| Create polygons | Select true or false to create
polygons based on multiple points and grouped by distance apart.
The default is false. |
Required |
| Distance apart | Enter the maximum distance in kilometers between two fires
before they are considered separate fires. The default is
1.0. The accuracy of distance
calculations is curtailed by the assumption that the Earth is a
perfect sphere. |
Required if Create polygons was set to
'true'. |
| Limit the External Risks observed within bounding window | Limit the geographical area within which risks are identified. Define the window as a polygon using WKT or GeoJSON. | Optional |
| Trust all certificates by bypassing certificate verification | Select true or false from the
drop-down. The default is 'true'. |
Required. When set to 'true', the observer will connect to the target environment without verification of the certificate. |
| Connection timeout | Specify the connection timeout in ms (default is 5000) | Optional |
| Read timeout | Specify the read timeout in ms (default is 5000) | Optional |
| Proxy Host | Specify the proxy host to connect to | Optional |
| Proxy Port | Specify the proxy port, defaults to 8080 | Optional |
| Proxy Username | Specify the proxy user name to connect to. Set for basic auth proxy. | Optional |
| Target system certificate | Specify a certificate by name to load into the truststore | Optional. Required only if Trust all certificates
was set to false. For more information, see the
Configuring observer
jobs security topic. |
| Proxy Password | Specify the password for the proxy user (if Proxy
Username has been specified) |
Optional. Use plain text. |
| SSL certificate validation | Choose whether SSL validation is on or off. Turning SSL validation off will use HTTPS without host verification. | Optional |
| HTTPS truststore file name | Specify the truststore file name if the certificate is being left empty. The observer generates the trust store file based on the file name provided. | Required. The supported format is JKS and the file is relative
to $ASM/HOME/security. |
| Proxy Secure | Specify whether to connect to the proxy in secure mode. Set to True for HTTPS proxy. | Optional. The default is 'false'. |
| truststore file password | Specify the truststore password the observer will use to decrypt the HTTPS truststore file. Use a password that conforms to your internal security requirements. | Required |
| Access scope | Enter text to provide a scope for the resources. Access scope can help map alerts to resources when resources in different scopes share the same parameters, such as matchTokens. | Optional. Tip: You can define access scope for locations, project names, namespaces, etc.
|
| Bulk load job | Select either true or false to
distribute the loading of job data more evenly across partitions.
This is useful if some jobs contain substantially more data than
others. The default is 'false'. |
Optional |
| Generate debug support file | Set this parameter to 'True' in order to capture the output of the next scheduled job run as a file. This file will be stored with an observer's log files and can be used to debug observer issues, for example at the request of your designated support team, or while using a test environment. For one-off jobs (that is, Load jobs), this parameter reverts to 'False' after the next completed run. To examine the output produced, you can load the generated debug file using the File Observer. | Optional |
| Observer job description | Enter additional information to describe the job | Optional |
| Job schedule | Specify when the job runs | Optional. Load jobs only. |
Define Wildfire-v2 jobs
Define or edit the following parameters, then click Run job to save and run the job.
| Parameter | Action | Details |
|---|---|---|
| Unique ID | Enter a unique name for the job | Required |
| API key | Enter the API key for authenticating with the Environmental Intelligence Suite APIs | Required |
| Lookup location details | Select true or false to choose
whether to use Environmental Intelligence Suite APIs to look up
locations to create human-readable resource names. Each resource
requires one API call. The default is false. |
Required |
| Confidence Threshold | Enter a number in the range between zero and hundred to exclude lower confidence detections that fall below the specified value. The default is 65. | Required |
| Limit the External Risks observed within bounding window | Limit the geographical area within which risks are identified. Define the window as a polygon using WKT or GeoJSON. | Optional |
| Trust all certificates by bypassing certificate verification | Select true or false from the
drop-down. The default is 'true'. When set to 'true', the observer
will connect to the target environment without verification of the
certificate. |
Required |
| Connection timeout | Specify the connection timeout in ms (default is 5000) | Optional |
| Read timeout | Specify the read timeout in ms (default is 5000) | Optional |
| Proxy Host | Specify the proxy host to connect to | Optional |
| Proxy Port | Specify the proxy port, defaults to 8080 | Optional |
| Proxy Username | Specify the proxy user name to connect to. Set for basic auth proxy. | Optional |
| Target system certificate | Specify a certificate by name to load into the truststore | Optional. Required only if Trust all certificates
was set to false. For more information, see the
Configuring observer
jobs security topic. |
| Proxy Password | Specify the password for the proxy user (if Proxy
Username has been specified) |
Optional. Use plain text. |
| SSL certificate validation | Choose whether SSL validation is on or off. Turning SSL validation off will use HTTPS without host verification. | Optional |
| HTTPS truststore file name | Specify the truststore file name if the certificate is being left empty. The observer generates the trust store file based on the file name provided. | Required. The supported format is JKS and the file is relative
to $ASM/HOME/security. |
| Proxy Secure | Specify whether to connect to the proxy in secure mode. Set to True for HTTPS proxy. | Optional. The default is 'false'. |
| truststore file password | Specify the truststore password the observer will use to decrypt the HTTPS truststore file. Use a password that conforms to your internal security requirements. | Required |
| Access scope | Enter text to provide a scope for the resources. Access scope can help map alerts to resources when resources in different scopes share the same parameters, such as matchTokens. | Optional. Tip: You can define access scope for locations, project names, namespaces, etc.
|
| Bulk load job | Select either true or false to
distribute the loading of job data more evenly across partitions.
This is useful if some jobs contain substantially more data than
others. The default is 'false'. |
Optional |
| Generate debug support file | Set this parameter to 'True' in order to capture the output of the next scheduled job run as a file. This file will be stored with an observer's log files and can be used to debug observer issues, for example at the request of your designated support team, or while using a test environment. For one-off jobs (that is, Load jobs), this parameter reverts to 'False' after the next completed run. To examine the output produced, you can load the generated debug file using the File Observer. | Optional |
| Observer job description | Enter additional information to describe the job | Optional |
| Job schedule | Specify when the job runs | Optional. Load jobs only. |
Define OSPO-HMS-Fire jobs
Define or edit the following parameters, then click Run job to save and run the job.
| Parameter | Action | Details |
|---|---|---|
| Unique ID | Enter a unique name for the job | Required |
| API key | Enter the API key for authenticating with the Environmental Intelligence Suite APIs | Required |
| Lookup location details | Select true or false to choose
whether to use Environmental Intelligence Suite APIs to look up
locations to create human-readable resource names. Each resource
requires one API call. The default is false. |
Required |
| Limit the External Risks observed within bounding window | Define the window as a polygon using WKT or GeoJSON. | Optional |
| Trust all certificates by bypassing certificate verification | Select true or false from the
drop-down. The default is 'true'. When set to 'true', the observer
will connect to the target environment without verification of the
certificate. |
Required |
| Connection timeout | Specify the connection timeout in ms (default is 5000) | Optional |
| Read timeout | Specify the read timeout in ms (default is 5000) | Optional |
| Proxy Host | Specify the proxy host to connect to | Optional |
| Proxy Port | Specify the proxy port, defaults to 8080 | Optional |
| Proxy Username | Specify the proxy user name to connect to. Set for basic auth proxy. | Optional |
| Target system certificate | Specify a certificate by name to load into the truststore | Optional. Required only if Trust all certificates
was set to false. For more information, see the
Configuring observer
jobs security topic. |
| Proxy Password | Specify the password for the proxy user (if Proxy
Username has been specified) |
Optional. Use plain text. |
| SSL certificate validation | Choose whether SSL validation is on or off. Turning SSL validation off will use HTTPS without host verification. | Optional |
| HTTPS truststore file name | Specify the truststore file name if the certificate is being left empty. The observer generates the trust store file based on the file name provided. | Required. The supported format is JKS and the file is relative
to $ASM/HOME/security. |
| Proxy Secure | Specify whether to connect to the proxy in secure mode. Set to True for HTTPS proxy. | Optional. The default is 'false'. |
| truststore file password | Specify the truststore password the observer will use to decrypt the HTTPS truststore file. Use a password that conforms to your internal security requirements. | Required |
| Access scope | Enter text to provide a scope for the resources. Access scope can help map alerts to resources when resources in different scopes share the same parameters, such as matchTokens. | Optional. Tip: You can define access scope for locations, project names, namespaces, etc.
|
| Bulk load job | Select either true or false to
distribute the loading of job data more evenly across partitions.
This is useful if some jobs contain substantially more data than
others. The default is 'false'. |
Optional |
| Generate debug support file | Set this parameter to 'True' in order to capture the output of the next scheduled job run as a file. This file will be stored with an observer's log files and can be used to debug observer issues, for example at the request of your designated support team, or while using a test environment. For one-off jobs (that is, Load jobs), this parameter reverts to 'False' after the next completed run. To examine the output produced, you can load the generated debug file using the File Observer. | Optional |
| Observer job description | Enter additional information to describe the job | Optional |
| Job schedule | Specify when the job runs | Optional. Load jobs only. |
Define AlertHeadlines jobs
Define or edit the following parameters, then click Run job to save and run the job.
| Parameter | Action | Details |
|---|---|---|
| Unique ID | Enter a unique name for the job | Required |
| API key | Enter the API key for authenticating with the Environmental Intelligence Suite APIs | Required |
| Country Code | Select which country to collect weather alerts for. | Required |
| Language | Specify the language for the weather alerts. Default is US English (en-US) | Required |
| Limit the External Risks observed within bounding window | Define the window as a polygon using WKT or GeoJSON. | Optional |
| Trust all certificates by bypassing certificate verification | Select true or false from the
drop-down. The default is 'true'. When set to 'true', the observer
will connect to the target environment without verification of the
certificate. |
Required |
| Connection timeout | Specify the connection timeout in ms (default is 5000) | Optional |
| Read timeout | Specify the read timeout in ms (default is 5000) | Optional |
| Proxy Host | Specify the proxy host to connect to | Optional |
| Proxy Port | Specify the proxy port, defaults to 8080 | Optional |
| Proxy Username | Specify the proxy user name to connect to. Set for basic auth proxy. | Optional |
| Target system certificate | Specify a certificate by name to load into the truststore | Optional. Required only if Trust all certificates
was set to false. For more information, see the
Configuring observer
jobs security topic. |
| Proxy Password | Specify the password for the proxy user (if Proxy
Username has been specified) |
Optional. Use plain text. |
| SSL certificate validation | Choose whether SSL validation is on or off. Turning SSL validation off will use HTTPS without host verification. | Optional |
| HTTPS truststore file name | Specify the truststore file name if the certificate is being left empty. The observer generates the trust store file based on the file name provided. | Required. The supported format is JKS and the file is relative
to $ASM/HOME/security. |
| Proxy Secure | Specify whether to connect to the proxy in secure mode. Set to True for HTTPS proxy. | Optional. The default is 'false'. |
| truststore file password | Specify the truststore password the observer will use to decrypt the HTTPS truststore file. Use a password that conforms to your internal security requirements. | Required |
| Access scope | Enter text to provide a scope for the resources. Access scope can help map alerts to resources when resources in different scopes share the same parameters, such as matchTokens. | Optional. Tip: You can define access scope for locations, project names, namespaces, etc.
|
| Bulk load job | Select either true or false to
distribute the loading of job data more evenly across partitions.
This is useful if some jobs contain substantially more data than
others. The default is 'false'. |
Optional |
| Generate debug support file | Set this parameter to 'True' in order to capture the output of the next scheduled job run as a file. This file will be stored with an observer's log files and can be used to debug observer issues, for example at the request of your designated support team, or while using a test environment. For one-off jobs (that is, Load jobs), this parameter reverts to 'False' after the next completed run. To examine the output produced, you can load the generated debug file using the File Observer. | Optional |
| Observer job description | Enter additional information to describe the job | Optional |
| Job schedule | Specify when the job runs | Optional. Load jobs only. |
Define WatchesAndWarningsV2 jobs
Define or edit the following parameters, then click Run job to save and run the job.
| Parameter | Action | Details |
|---|---|---|
| Unique ID | Enter a unique name for the job | Required |
| API key | Enter the API key for authenticating with the Environmental Intelligence Suite APIs | Required |
| Region | Select one or more regions to monitor for weather watches and warnings. | Required |
| Type | Select one or more types of weather watches and warnings, such
as Flood or Marine. |
Required |
| Limit the External Risks observed within bounding window | Define the window as a polygon using WKT or GeoJSON. | Optional |
| Trust all certificates by bypassing certificate verification | Select true or false from the
drop-down. The default is 'true'. When set to 'true', the observer
will connect to the target environment without verification of the
certificate. |
Required |
| Connection timeout | Specify the connection timeout in ms (default is 5000) | Optional |
| Read timeout | Specify the read timeout in ms (default is 5000) | Optional |
| Proxy Host | Specify the proxy host to connect to | Optional |
| Proxy Port | Specify the proxy port, defaults to 8080 | Optional |
| Proxy Username | Specify the proxy user name to connect to. Set for basic auth proxy. | Optional |
| Target system certificate | Specify a certificate by name to load into the truststore | Optional. Required only if Trust all certificates
was set to false. For more information, see the
Configuring observer
jobs security topic. |
| Proxy Password | Specify the password for the proxy user (if Proxy
Username has been specified) |
Optional. Use plain text. |
| SSL certificate validation | Choose whether SSL validation is on or off. Turning SSL validation off will use HTTPS without host verification. | Optional |
| HTTPS truststore file name | Specify the truststore file name if the certificate is being left empty. The observer generates the trust store file based on the file name provided. | Required. The supported format is JKS and the file is relative
to $ASM/HOME/security. |
| Proxy Secure | Specify whether to connect to the proxy in secure mode. Set to True for HTTPS proxy. | Optional. The default is 'false'. |
| truststore file password | Specify the truststore password the observer will use to decrypt the HTTPS truststore file. Use a password that conforms to your internal security requirements. | Required |
| Access scope | Enter text to provide a scope for the resources. Access scope can help map alerts to resources when resources in different scopes share the same parameters, such as matchTokens. | Optional. Tip: You can define access scope for locations, project names, namespaces, etc.
|
| Bulk load job | Select either true or false to
distribute the loading of job data more evenly across partitions.
This is useful if some jobs contain substantially more data than
others. The default is 'false'. |
Optional |
| Generate debug support file | Set this parameter to 'True' in order to capture the output of the next scheduled job run as a file. This file will be stored with an observer's log files and can be used to debug observer issues, for example at the request of your designated support team, or while using a test environment. For one-off jobs (that is, Load jobs), this parameter reverts to 'False' after the next completed run. To examine the output produced, you can load the generated debug file using the File Observer. | Optional |
| Observer job description | Enter additional information to describe the job | Optional |
| Job schedule | Specify when the job runs | Optional. Load jobs only. |