enable_advanced_threat_scanning

This command enables the threat detection analytics processes to check for specific database attacks such as SQL injection and malicious stored procedures.

This API is available in Guardium V10.1.4 and later.

REST API syntax

This API is available as a REST service with the PUT method. Call this API as follows:
PUT https://[Guardium hostname or IP address]:8443/restAPI/enable_advanced_threat_scanning

GuardAPI syntax

enable_advanced_threat_scanning parameter=value

Parameters

Parameter Value type Description
all Boolean In a central management configuration only, enables all threat detection scanners on all managed units. This is equivalent to the "all" option for the parameter api_target_host. Valid values:
  • 0 (false)
  • 1 (true)
Default = 0 (false)
schedule_start Date Specifies the date and time to start running the processes, in the format yyyy-mm-dd hh:mm:ss (24-hour clock).
api_target_host String Specifies the target hosts where the API executes. Valid values:
  • all_managed: execute on all managed units but not the central manager
  • all: execute on all managed units and the central manager
  • group:<group name>: execute on all managed units identified by <group name>
  • host name or IP address of a managed unit: specified from the central manager to execute on a managed unit.  For example, api_target_host=10.0.1.123.
  • host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.

Examples

To enable advanced threat analytics:

grdapi enable_advanced_threat_scanning all=true schedule_start="2016-03-24 12:00:05"
If threat analytics is enabled, but outlier detection is not enabled, the system responds:
Warning - Enabling advance threat scanning (AKA Eagle Eye) when Analytic anomaly detection is disabled.
Advance threat scanning (AKA Eagle Eye) enabled.
ok
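
When this command is generated by automation rather than typed by hand, it helps to validate each parameter against the rules above before the line reaches the appliance. The following is an added example, not IBM's code: the function names are hypothetical, the allowed characters for group names and the rejection of all-numeric host names are assumptions, and `all` is emitted in the 0/1 form from the Valid values list.

```python
import ipaddress
import re
from datetime import datetime

COMMAND = "enable_advanced_threat_scanning"
SCHEDULE_FORMAT = "%Y-%m-%d %H:%M:%S"  # yyyy-mm-dd hh:mm:ss, 24-hour clock
# Assumption: host names contain at least one letter, so a mistyped
# IPv4 address such as 10.0.1.999 is not silently accepted as a name.
HOSTNAME_RE = re.compile(r"(?=.*[A-Za-z])[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")
GROUP_RE = re.compile(r"[A-Za-z0-9 _.-]+")  # assumption: conservative charset


def check_target_host(value):
    """Accept only the api_target_host forms listed on this page."""
    if value in ("all", "all_managed"):
        return value
    if value.startswith("group:"):
        if not GROUP_RE.fullmatch(value[len("group:"):]):
            raise ValueError("group name is empty or has unexpected characters")
        return value
    try:
        return str(ipaddress.ip_address(value))  # IPv4 or IPv6 literal
    except ValueError:
        pass
    if not HOSTNAME_RE.fullmatch(value):
        raise ValueError(f"not a keyword, group, IP address or host name: {value!r}")
    return value


def build_command(all_units=None, schedule_start=None, api_target_host=None):
    """Return a grdapi line built only from validated parameter values."""
    parts = ["grdapi", COMMAND]
    if all_units is not None:
        parts.append(f"all={1 if all_units else 0}")
    if schedule_start is not None:
        # strptime rejects wrong layouts, impossible dates and stray quotes
        when = datetime.strptime(schedule_start, SCHEDULE_FORMAT)
        parts.append(f'schedule_start="{when.strftime(SCHEDULE_FORMAT)}"')
    if api_target_host is not None:
        host = check_target_host(api_target_host)
        # Quote only values with spaces (group names), as the page does for dates
        parts.append(f'api_target_host="{host}"' if " " in host else f"api_target_host={host}")
    return " ".join(parts)


if __name__ == "__main__":
    print(build_command(all_units=True, schedule_start="2016-03-24 12:00:05"))
```

Values that fail validation raise `ValueError`, so a typographic quote pasted into the timestamp or an extra `parameter=value` pair smuggled into the host field never reaches the command line.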