Feature flag for outliers

The outliers feature flag enables and controls the behavior of the outliers engine in Guardium® Data Security Center.

Depending on its configuration, Guardium Data Security Center identifies outliers in several ways:
  • calculating outliers based on traffic from Guardium Data Security Center sources like cloud connections and universal connectors
  • calculating outliers based on summarized data that is exported from a Guardium Data Protection system
  • receiving pre-calculated outliers information that is exported from a Guardium Data Protection system where outliers detection is enabled
Feature flags control which of these methods are used and in what combination. The available flags and typical configuration scenarios are described in this document. Use the feature_flags API to view and modify feature flags settings. For more information, see Using the Guardium Data Security Center API.

Available flags

OUTLIERS

The OUTLIERS flag is enabled by default.

When the OUTLIERS flag is disabled, the following flags are also disabled: OUTLIERS_ENGINE, GDP_OUTLIER_SUMMARIZED, and OUTLIER_NATIVE_GI_DATASOURCES.

Disabling the OUTLIERS flag completely disables the use of outliers in Guardium Data Security Center such that Guardium Data Security Center does not calculate outliers itself or use outliers that are calculated by Guardium Data Protection.


OUTLIERS_ENGINE

The OUTLIERS_ENGINE flag is enabled by default.

When the OUTLIERS_ENGINE flag is disabled, the following flags are also disabled: GDP_OUTLIER_SUMMARIZED, and OUTLIER_NATIVE_GI_DATASOURCES.

Disabling the OUTLIERS_ENGINE flag disables the calculation of outliers by Guardium Data Security Center. However, when OUTLIERS_ENGINE is disabled, Guardium Data Security Center can still receive and use pre-calculated outliers from Guardium Data Protection systems where outliers processing is enabled.


GDP_OUTLIER_SUMMARIZED

The GDP_OUTLIER_SUMMARIZED flag is enabled by default.

Disabling the GDP_OUTLIER_SUMMARIZED flag prevents Guardium Data Security Center from calculating outliers based on summarized data from Guardium Data Protection. However, when GDP_OUTLIER_SUMMARIZED is disabled, Guardium Data Security Center still receives and uses pre-calculated outliers from Guardium Data Protection systems where outliers processing is enabled.


OUTLIER_NATIVE_GI_DATASOURCES

The OUTLIER_NATIVE_GI_DATASOURCES flag is enabled by default.

Disabling the OUTLIER_NATIVE_GI_DATASOURCES flag prevents Guardium Data Security Center from calculating outliers that are based on traffic from sources like cloud connections and universal connectors. When OUTLIER_NATIVE_GI_DATASOURCES is disabled, Guardium Data Security Center can still receive and process summarized data or pre-calculated outliers information from Guardium Data Protection systems.


Scenarios

Guardium Data Security Center calculates outliers from all available data
This is the default configuration. Feature flag settings:
  • OUTLIERS is enabled
  • OUTLIERS_ENGINE is enabled
  • GDP_OUTLIER_SUMMARIZED is enabled
  • OUTLIER_NATIVE_GI_DATASOURCES is enabled
Data marts from Guardium Data Protection:
  • Analytic Outliers Extraction
Outliers are calculated by Guardium Data Security Center using data from Guardium Data Security Center sources like cloud and universal connector traffic and summarized data from Guardium Data Protection. In this scenario, outliers detection should not need to be enabled on the Guardium Data Protection system since pre-calculated outliers are not exported to Guardium Data Security Center.

Guardium Data Security Center calculates outliers but only from Guardium Data Protection summarized data
Feature flag configuration:
  • OUTLIERS is enabled
  • OUTLIERS_ENGINE is enabled
  • GDP_OUTLIER_SUMMARIZED is enabled
  • OUTLIER_NATIVE_GI_DATASOURCES is disabled
Data marts from Guardium Data Protection:
  • Analytic Outliers Extraction
Outliers are calculated by Guardium Data Security Center using summarized data from Guardium Data Protection. Data from Guardium Data Security Center sources like cloud and universal connector traffic is not used for outliers calculation. In this scenario, outliers detection does not need to be enabled on the Guardium Data Protection system since pre-calculated outliers are not exported to Guardium Data Security Center.

Guardium Data Security Center calculates outliers from Guardium Data Security Center sources like cloud and universal connector traffic but uses pre-calculated outliers from Guardium Data Protection
Feature flag configuration:
  • OUTLIERS is enabled
  • OUTLIERS_ENGINE is enabled
  • GDP_OUTLIER_SUMMARIZED is disabled
  • OUTLIER_NATIVE_GI_DATASOURCES is enabled
Data marts from Guardium Data Protection:
  • Outliers Summary by hour
  • Outliers List
  • Aggregator Outliers Summary by hour
  • Aggregator Outliers List.
Outliers are calculated by Guardium Data Security Center using data from Guardium Data Security Center sources like cloud and universal connector traffic. Additional outliers data is pre-calculated and provided by Guardium Data Protection. This scenario requires that outliers detection is enabled on the Guardium Data Protection system.

Guardium Data Security Center does not calculate any outliers but uses pre-calculated outliers from Guardium Data Protection
Feature flag configuration:
  • OUTLIERS is enabled
  • OUTLIERS_ENGINE is disabled
    Note:
    • Disabling OUTLIERS_ENGINE also disables GDP_OUTLIER_SUMMARIZED and OUTLIER_NATIVE_GI_DATASOURCES.
    • The behaviour of this configuration is equivalent to enabling the OUTLIERS and OUTLIERS_ENGINE flags while disabling the GDP_OUTLIER_SUMMARIZED and OUTLIER_NATIVE_GI_DATASOURCES flags.
Data marts from Guardium Data Protection:
  • Outliers Summary by hour
  • Outliers List
  • Aggregator Outliers Summary by hour
  • Aggregator Outliers List.
No outliers are calculated by Guardium Data Security Center. Outliers data is pre-calculated and provided by Guardium Data Protection. This scenario requires that outliers detection is enabled on the Guardium Data Protection system.

Outliers are completely disabled in Guardium Data Security Center
Feature flag configuration:
  • OUTLIERS is disabled
    Note: Disabling OUTLIERS also disables OUTLIERS_ENGINE, GDP_OUTLIER_SUMMARIZED, and OUTLIER_NATIVE_GI_DATASOURCES.
Data marts from Guardium Data Protection:
  • none
Guardium Data Security Center does not itself calculate outliers or receive outliers data that is calculated by Guardium Data Protection.