Enabling and disabling the Investigation Dashboard

This topic describes how to enable and disable the Investigation Dashboard.

Before you begin

The Investigation Dashboard has the following minimum hardware requirements:
  • 64-bit architecture
  • 24 GB RAM
  • 4-core CPU

Investigation Dashboard functionality opens ports 8983 and 9983 on both Central managers and collectors. The ports are opened when the Investigation Dashboard is enabled and closed when it is disabled. To use the Investigation Dashboard, ensure that bidirectional communication between Central managers and collectors on ports 8983 and 9983 is not blocked by any firewall.
Restriction: The Investigation Dashboard and Data Level Security cannot be enabled concurrently.

Procedure

  1. Log in to the Guardium system as a user or administrator with the CLI role.
  2. Enable the Investigation Dashboard with the GuardAPI command:
    grdapi enable_quick_search schedule_interval=2 schedule_units=MINUTE
    To enable the Investigation Dashboard on all managed units of an environment, use the all=true parameter:
    grdapi enable_quick_search schedule_interval=2 schedule_units=MINUTE all=true

    This GuardAPI command executes many configuration scripts and, depending on the current unit status, can take a long time to complete.

    By default, violations are not included in search results. To include violations, set the includeViolations parameter to true:
    grdapi enable_quick_search schedule_interval=2 schedule_units=MINUTE includeViolations=true

    To enable outlier detection, see Outlier Detection.

    Additional parameters may be specified, such as the search index update interval. For a complete list of parameters and descriptions, see the GuardAPI Investigation Dashboard Functions reference information.

  3. Use the following GuardAPI command to disable the Investigation Dashboard function at any time:
    grdapi disable_quick_search
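    The following script is an added example, not part of this IBM documentation or the Guardium product: it checks the minimum hardware requirements listed under Before you begin and, after the dashboard is enabled, confirms that ports 8983 and 9983 on each peer are reachable. It assumes a Linux host with bash and coreutils timeout, treats x86_64 and aarch64 as the 64-bit architectures, and the collector hostnames in the comment are hypothetical.

```bash
#!/usr/bin/env bash
# Pre-flight and post-enable checks for the Investigation Dashboard.
# Added example; thresholds are the minimums stated on this page.

MIN_RAM_KB=$((24 * 1024 * 1024))   # 24 GB
MIN_CORES=4
ID_PORTS="8983 9983"               # opened on Central managers and collectors

# check_hw_requirements ARCH MEM_KB CORES -> 0 if every minimum is met, 1 otherwise.
# Values are passed in so the function can be run on live data or on test input.
check_hw_requirements() {
  local arch="$1" mem_kb="$2" cores="$3" ok=0
  # Assumption: x86_64 and aarch64 are the accepted 64-bit architectures.
  if [ "$arch" != "x86_64" ] && [ "$arch" != "aarch64" ]; then
    echo "FAIL: architecture $arch is not 64-bit" >&2; ok=1
  fi
  if [ "$mem_kb" -lt "$MIN_RAM_KB" ]; then
    echo "FAIL: RAM $((mem_kb / 1024 / 1024)) GB is below 24 GB" >&2; ok=1
  fi
  if [ "$cores" -lt "$MIN_CORES" ]; then
    echo "FAIL: $cores CPU cores, minimum is $MIN_CORES" >&2; ok=1
  fi
  return "$ok"
}

# check_port HOST PORT -> 0 if a TCP connect succeeds within 3 seconds.
# Uses bash's /dev/tcp so no extra network tools are required.
check_port() {
  timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# check_peers HOST... -> number of unreachable host:port pairs (0 means all reachable).
# Run it on a Central manager against the collectors and on each collector against
# the Central manager, because the page requires bidirectional communication.
# Only meaningful after enable_quick_search, since the ports are closed until then.
check_peers() {
  local failures=0 host port
  for host in "$@"; do
    for port in $ID_PORTS; do
      if check_port "$host" "$port"; then
        echo "OK   $host:$port"
      else
        echo "FAIL $host:$port unreachable (listener down or firewall)" >&2
        failures=$((failures + 1))
      fi
    done
  done
  return "$failures"
}

# Live usage (hypothetical collector names):
#   check_hw_requirements "$(uname -m)" "$(awk '/MemTotal/ {print $2}' /proc/meminfo)" "$(nproc)" \
#     && check_peers collector1.example.internal collector2.example.internal
```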

Results

After the Investigation Dashboard is enabled, see Accessing the investigation dashboard to learn more and begin using it.

Attention: Indexed search data is retained for 3 days. Use the purge object Guardium CLI command to change the retention period. For example, the following command changes the retention period to 5 days: store purge object age 36 5. Note that 36 is the default object identification number associated with the search index. For additional information, see Configuration and Control CLI Commands reference information.