GuardAPI Investigation Dashboard Functions
Use these GuardAPI commands to enable, disable, or configure Investigation Dashboard features and parameters.
Note that the Investigation Dashboard includes the Quick Search Results Table in addition to the Activity Chart and various other pre-defined charts.
disable_quick_search
Disable Investigation Dashboard functionality.
grdapi disable_quick_search
Parameter | Value | Description |
---|---|---|
all | true or false | In an environment with a Central Manager, use this parameter to disable search on all managed units. For example, all=true. This parameter is optional. |
api_target_host | hostname or IP address | api_target_host is an optional parameter that specifies target hosts where the API executes. It accepts the following values: |
enable_quick_search
Enable Investigation Dashboard functionality.
grdapi enable_quick_search schedule_interval=[value] schedule_units=[value]
For example, the following command enables the Investigation Dashboard with a 2-minute data extraction interval:
grdapi enable_quick_search schedule_interval=2 schedule_units=MINUTE
Parameter | Value | Description |
---|---|---|
all | true or false | In an environment with a Central Manager, use this parameter to enable search on all managed units. For example, all=true. This parameter is optional. |
api_target_host | hostname or IP address | api_target_host is an optional parameter that specifies target hosts where the API executes. It accepts the following values: |
extraction_start | date | Define the date by which to start the extraction of audit data for search. If this parameter is omitted, extraction starts immediately. This parameter is optional. |
includeViolations | true or false | Determine whether to include violations in the search indexes. Omitting violations can help reduce the size of search indexes. This parameter is optional. |
schedule_interval | integer | Used with the schedule_units parameter to define the interval for extracting audit data. For example, schedule_interval=2 schedule_units=MINUTE. This parameter is required. |
schedule_start | date | Date on which to begin following the extraction interval defined by the schedule_interval and schedule_units parameters. This parameter is optional. |
schedule_units | HOUR or MINUTE | Used with the schedule_interval parameter to define the interval for extracting audit data. For example, schedule_interval=2 schedule_units=MINUTE. This parameter is required. |
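The parameter rules in the table above, written as a pre-flight check for change scripts. This is an added example, not IBM's code: build_enable_quick_search is a hypothetical helper name, and it only composes and prints the command text without contacting any Guardium system. The date parameters are left out because the page does not state their format.

```shell
#!/bin/sh
# Hypothetical helper (not part of Guardium): validate key=value arguments
# against the enable_quick_search table and print the resulting command.
build_enable_quick_search() {
    _interval="" _units="" _all="" _violations=""
    for _arg in "$@"; do
        _key=${_arg%%=*}
        _val=${_arg#*=}
        case "$_key" in
            schedule_interval) _interval=$_val ;;
            schedule_units)    _units=$_val ;;
            all)               _all=$_val ;;
            includeViolations) _violations=$_val ;;
            *) echo "unsupported parameter: $_key" >&2; return 2 ;;
        esac
    done
    # schedule_interval: required, integer (digits only in this sketch)
    case "$_interval" in
        ''|*[!0-9]*)
            echo "schedule_interval is required and must be an integer" >&2
            return 2 ;;
    esac
    # schedule_units: required, HOUR or MINUTE
    case "$_units" in
        HOUR|MINUTE) ;;
        *) echo "schedule_units must be HOUR or MINUTE" >&2; return 2 ;;
    esac
    # all and includeViolations: optional, true or false when present
    for _flag in "$_all" "$_violations"; do
        case "$_flag" in
            ''|true|false) ;;
            *) echo "boolean parameters take true or false" >&2; return 2 ;;
        esac
    done
    _cmd="grdapi enable_quick_search schedule_interval=$_interval schedule_units=$_units"
    if [ -n "$_all" ]; then _cmd="$_cmd all=$_all"; fi
    if [ -n "$_violations" ]; then _cmd="$_cmd includeViolations=$_violations"; fi
    printf '%s\n' "$_cmd"
}

# Constructed sample call: reproduces the 2-minute example from the page.
build_enable_quick_search schedule_interval=2 schedule_units=MINUTE
```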
set_enterprise_search_options
Define the search mode for the Investigation Dashboard.
grdapi set_enterprise_search_options distributed_search=[value]
For example, the following command configures the Investigation Dashboard in all_machines mode to allow searching of data across the entire Guardium environment from any Guardium machine in that environment:
grdapi set_enterprise_search_options distributed_search=all_machines
Parameter | Value | Description |
---|---|---|
api_target_host | hostname or IP address | api_target_host is an optional parameter that specifies target hosts where the API executes. It accepts the following values: |
distributed_search | cm_only, , or all_machines | This parameter is required, and the default value is cm_only. |