Find out how to add groups, for example user or object groups, to the default outlier
detection algorithm.
About this task
By default, there are two groups of users and objects that are weighted or scored more heavily by
the Guardium® machine-learning algorithm: Admin Users and
Sensitive Objects. However, you may have already established additional groups that would also be
useful for outlier detection. For example, you may have a group of Suspicious Users or you may have
several different groups of sensitive objects that are aligned with different applications.
Procedure
-
This task requires that you know the internal group ID to use with the grdapi command. To get
the group ID, you can use the following command:
grdapi list_group_by_desc desc=[group name]
For example, if you have a group named BadGuys, you can enter the following command
to get its internal group ID:
grdapi list_group_by_desc desc="BadGuys"
-
Once you know the desired ID, add it as a privileged user group for a boosted score as follows
(note that you must also include the default group 1 if you want to boost scores for that as well).
To add a group with the ID 1234:
grdapi set_outliers_detection_parameter parameter_name="privUsersGroupIds" parameter_value=1,1234
-
To add sensitive object groups with the IDs 333 and 156:
grdapi set_outliers_detection_parameter parameter_name="sensitiveObjectGroupIds" parameter_value=5,333,156
Results
The specified groups or sensitive objects are added to the outlier detection and are given
additional weight by the algorithm.
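A hypothetical shell helper, added here as an example and not part of Guardium or the original page, that assembles the command from the procedure so the group that must stay in the list (the default group 1 in the privileged-user step) is always kept and non-numeric IDs are rejected before anything is pasted into the Guardium CLI. The function name build_outlier_cmd and its argument order are assumptions; it only prints the command line and does not run grdapi.

```shell
#!/bin/sh
# Added example: build_outlier_cmd is a hypothetical helper, not a Guardium command.
# Usage: build_outlier_cmd PARAMETER_NAME KEEP_ID ID [ID...]
#   KEEP_ID is the group ID that must remain in the list, for example the
#   default group 1 from the privileged-user step.
build_outlier_cmd() {
    param=$1
    keep_id=$2
    shift 2

    # Accept only the two parameter names shown in the procedure.
    case $param in
        privUsersGroupIds|sensitiveObjectGroupIds) ;;
        *) echo "unknown parameter: $param" >&2; return 1 ;;
    esac

    # Put KEEP_ID first so it is never dropped, then append the extra IDs,
    # rejecting anything that is not purely numeric and skipping duplicates.
    list=
    for id in "$keep_id" "$@"; do
        case $id in
            ''|*[!0-9]*) echo "invalid group ID: $id" >&2; return 1 ;;
        esac
        case ",$list," in
            *",$id,"*) continue ;;
        esac
        list=${list:+$list,}$id
    done

    printf 'grdapi set_outliers_detection_parameter parameter_name="%s" parameter_value=%s\n' \
        "$param" "$list"
}

# Sample calls using the IDs from the procedure; 5 is the leading ID in the
# page's sensitive-objects command.
build_outlier_cmd privUsersGroupIds 1 1234
build_outlier_cmd sensitiveObjectGroupIds 5 333 156
```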