GuardAPI Investigation Dashboard Functions

Use these GuardAPI commands to enable, disable, or configure Investigation Dashboard features and parameters.

Note that the Investigation Dashboard includes the Quick Search Results Table, in addition to the Activity Chart, and various other pre-defined charts.

disable_quick_search

Disable Investigation Dashboard functionality.

grdapi disable_quick_search

Parameter Value Description

Parameter	Value	Description
all	`true` or `false`	In an environment with a Central Manager, use this parameter to disable search on all managed units. For example, `all=true`. This parameter is optional.
api_target_host	hostname or IP address	api_target_host is an optional parameter that specifies target hosts where the API executes. It accepts the following values: `all_managed`: execute on all managed units but not the central manager `all`: execute on all managed units and the central manager `group:<group name>`: execute on all managed units identified by `<group name>` host name or IP address of a managed unit: specified from the central manager to execute on a managed unit. For example, `api_target_host=10.0.1.123`. host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, `api_target_host=10.0.1.123`.

all

true or false

In an environment with a Central Manager, use this parameter to disable search on all managed units. For example, all=true.

This parameter is optional.

api_target_host

hostname or IP address

api_target_host is an optional parameter that specifies target hosts where the API executes. It accepts the following values:

all_managed: execute on all managed units but not the central manager
all: execute on all managed units and the central manager
group:<group name>: execute on all managed units identified by <group name>
host name or IP address of a managed unit: specified from the central manager to execute on a managed unit. For example, api_target_host=10.0.1.123.
host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

enable_quick_search

Enable Investigation Dashboard functionality.

grdapi enable_quick_search schedule_interval=[value] schedule_units=[value]

For example, the following command enables the Investigation Dashboard with a 2-minute data extraction interval: grdapi enable_quick_search schedule_interval=2 schedule_units=MINUTE.

Parameter	Value	Description
all	`true` or `false`	In an environment with a Central Manager, use this parameter to enable search on all managed units. For example, `all=true`. This parameter is optional.
api_target_host	hostname or IP address	api_target_host is an optional parameter that specifies target hosts where the API executes. It accepts the following values: `all_managed`: execute on all managed units but not the central manager `all`: execute on all managed units and the central manager `group:<group name>`: execute on all managed units identified by `<group name>` host name or IP address of a managed unit: specified from the central manager to execute on a managed unit. For example, `api_target_host=10.0.1.123`. host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, `api_target_host=10.0.1.123`.
extraction_start	date	Define the date by which to start the extraction of audit data for search. If this parameter is omitted, extraction starts immediately. This parameter is optional.
includeViolations	`true` or `false`	Determine whether to include violations in the search indexes. Omitting violations can help reduce the size of search indexes. This parameter is optional.
schedule_interval	integer	Used with the schedule_units parameter to define the interval for extracting audit data. For example, `schedule_interval=2 schedule_units=MINUTE`. This parameter is required.
schedule_start	date	Date on which to begin following the extraction interval defined by the schedule_interval and schedule_units parameters. This parameter is optional.
schedule_units	`HOUR` or `MINUTE`	Used with the schedule_interval parameter to define the interval for extracting audit data. For example, `schedule_interval=2 schedule_units=MINUTE`. This parameter is required.

set_enterprise_search_options

Define the search mode for the Investigation Dashboard .

grdapi set_enterprise_search_options distributed_search=[value]

For example, the following command configures the Investigation Dashboard in all_machines mode to allow searching of data across the entire Guardium environment from any Guardium machine in that environment: grdapi set_enterprise_search_options distributed_search=all_machines.

Parameter Value Description

Parameter	Value	Description
api_target_host	hostname or IP address	api_target_host is an optional parameter that specifies target hosts where the API executes. It accepts the following values: `all_managed`: execute on all managed units but not the central manager `all`: execute on all managed units and the central manager `group:<group name>`: execute on all managed units identified by `<group name>` host name or IP address of a managed unit: specified from the central manager to execute on a managed unit. For example, `api_target_host=10.0.1.123`. host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, `api_target_host=10.0.1.123`.
distributed_search	cm_only, , or all_machines	cm_only Searches submitted from a Central Manager return results from across the Guardium environment, but searches submitted from managed units only return local results from that managed units all_machines Searches can be submitted from any machine and return results from across the Guardium environment. This parameter is required, and the default value is cm_only.

api_target_host

hostname or IP address

api_target_host is an optional parameter that specifies target hosts where the API executes. It accepts the following values:

all_managed: execute on all managed units but not the central manager
all: execute on all managed units and the central manager
group:<group name>: execute on all managed units identified by <group name>
host name or IP address of a managed unit: specified from the central manager to execute on a managed unit. For example, api_target_host=10.0.1.123.
host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

distributed_search

cm_only, , or all_machines

cm_only: Searches submitted from a Central Manager return results from across the Guardium environment, but searches submitted from managed units only return local results from that managed units
all_machines: Searches can be submitted from any machine and return results from across the Guardium environment.

This parameter is required, and the default value is cm_only.