enable_outliers_detection

Run this command to enable outliers detection.

The command affects the Guardium systems differently, depending on their setup.
Single CM environment
Enable outliers detection on a CM to enable outliers detection on all managed units, and on all units registered to the CM thereafter, by running the API command with no additional parameters. You can limit the scope to a list of units.
Enable outliers detection on a collector that extracts data to an aggregator. Outliers detection is enabled on the aggregator (if not already enabled) and the collector starts sending data to the aggregator.
Multi-CM environment
Enable outliers detection on a CM to enable outliers detection on all managed units, and on all units registered to the CM thereafter, by running the API command with no additional parameters. You can limit the scope to a list of units.
When you enable outliers on a collector that extracts data to an aggregator that is not in the same CM environment as the collector:
  • The collector starts sending data to the aggregator
  • The API responds with the name of the aggregator that needs to be enabled for outliers detection
When you enable outliers on an aggregator, outliers detection is enabled and collectors in the same CM environment start sending data. If the aggregator receives data from collectors in a different CM environment, the API responds with a list of all collectors that need to be enabled for outliers detection.
To enable on individual aggregators or collectors, use the commands enable_outliers_detection_cross_cm_agg and enable_outliers_detection_cross_cm_collector.
Single Collector
Run the command on a collector that does not extract data to an aggregator, to enable it locally.

This API is available in Guardium V9.5 and later.

REST API syntax

This API is available as a REST service with the PUT method. Call this API as follows:
PUT https://[Guardium hostname or IP address]:8443/restAPI/enable_outliers_detection

GuardAPI syntax

enable_outliers_detection parameter=value

Parameters

Parameter | Value type | Description
DAM_FAM | String | Specifies the type of outliers. Valid values: DAM, FAM. Default = DAM.
extraction_start | Date in format: yyyy-mm-dd hh:mm:ss | Delays the start of data extraction. When not specified, data extraction starts immediately.
managed_units_hostnames | String | Comma-separated list of specific managed units on which the command is executed. Optional when you run the API on the CM.
schedule_interval | String | Ignored.
schedule_start | Date | Ignored.
schedule_units | String | Ignored.
api_target_host | String | Specifies the target hosts where the API executes. Valid values:
  • all_managed: execute on all managed units but not the central manager
  • all: execute on all managed units and the central manager
  • group:<group name>: execute on all managed units identified by <group name>
  • host name or IP address of a managed unit: specified from the central manager to execute on a managed unit.  For example, api_target_host=10.0.1.123.
  • host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.

Examples

Run this command on the CM to enable the outliers detection on all the units under the CM and on all units that will be registered to the CM thereafter:
grdapi enable_outliers_detection
Run this command on the CM to enable the outliers detection on all the managed units of groupA:
grdapi enable_outliers_detection group_descriptions=groupA
Run this command on the central manager of a cross-CM environment to enable outliers detection on the cross-CM aggregator:
grdapi enable_outliers_detection
Machines found: [<server1>, <server2>]
Machines not found: []
Aggs: []
Cross CM aggs: [<server2>]
Cross CM Col: []
Standalone Coll: []
Enabling outlier detection on cross cm aggregator: <server2>. Please make sure that you have enabled outliers detection on the following Cross-CM Collectors: [<server1>].
Analytic anomaly detection is enabled.
ok
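
The cross-CM response shown above names the units that still have to be enabled separately. The following Python sketch is an added example, not part of the Guardium documentation or product: it parses captured grdapi output in that layout and returns the units that need follow-up. The host names are constructed, and it assumes that other responses keep the same line layout as the one example on this page.

```python
import re

# Constructed sample: same layout as the output shown above, with
# made-up host names in place of <server1> and <server2>.
SAMPLE = """\
Machines found: [col1.example.com, agg2.example.com]
Machines not found: []
Aggs: []
Cross CM aggs: [agg2.example.com]
Cross CM Col: []
Standalone Coll: []
Enabling outlier detection on cross cm aggregator: agg2.example.com. Please make sure that you have enabled outliers detection on the following Cross-CM Collectors: [col1.example.com].
Analytic anomaly detection is enabled.
ok
"""

# "<label>: [a, b]" summary lines, and the sentence that lists units to enable elsewhere.
LIST_LINE = re.compile(r"^([A-Za-z][A-Za-z ]*?):\s*\[(.*)\]\s*$")
FOLLOW_UP = re.compile(r"enabled outliers detection on the following ([^:]+):\s*\[([^\]]*)\]")


def split_hosts(text):
    return [h.strip() for h in text.split(",") if h.strip()]


def parse_response(output):
    """Return the unit lists, pending follow-ups and final status of a response."""
    result = {"lists": {}, "follow_up": {}, "ok": False}
    lines = [ln.strip() for ln in output.splitlines() if ln.strip()]
    for line in lines:
        m = LIST_LINE.match(line)
        if m:
            result["lists"][m.group(1)] = split_hosts(m.group(2))
            continue
        m = FOLLOW_UP.search(line)
        if m:
            # Units in another CM environment that still have to be enabled there.
            result["follow_up"].setdefault(m.group(1).strip(), []).extend(split_hosts(m.group(2)))
    result["ok"] = bool(lines) and lines[-1] == "ok"
    return result


def pending_units(output):
    """Hosts that are unknown to the CM or still need enabling, sorted."""
    r = parse_response(output)
    pending = set(r["lists"].get("Machines not found", []))
    for hosts in r["follow_up"].values():
        pending.update(hosts)
    return sorted(pending)
```

An empty result from pending_units together with a final "ok" means the response listed no unit that needs separate action.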