Airlock Anomaly Shield has to be configured for individual applications.
In order to shield an application, Airlock Anomaly Shield machine learning models must be trained based on a sufficient amount of relevant training data. Collecting training data can be activated/deactivated for each Anomaly Shield Application in the Applications table on Tab – Applications.
Training data are associated with the Application Name. Collected training data will be lost after changing the Application Name.
When incoming traffic matches one or more of the referenced Traffic Matchers, the entire traffic of the session is bypassed around Airlock Anomaly Shield and will not be collected. If traffic matches during an active session, the previously collected requests of the affected session are discarded.
Log session anomaly details drop-down menu
Anomaly Detection Exclusions table
When incoming traffic matches one or more of the referenced Traffic Matchers, the ongoing traffic of the session is bypassed around Airlock Anomaly Shield. The previous traffic of the affected session is marked as excluded and the session-related machine learning data are discarded.
The machine-learning algorithm has to be configured for detection and subsequent response handling. Optionally, response rule exceptions can be configured using Traffic Matchers.
The first matching response rule will be executed. If a rule matches, subsequent rules are not processed; it is therefore advisable to reference rules with blocking actions first.
If an incoming request matches one or more of the referenced Traffic Matchers, the request is bypassed around Airlock Anomaly Shield to prevent false positives. Other requests of the same session are not affected by the exclusion, i.e. they are still processed by Airlock Anomaly Shield.
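The following added example is an illustrative model, not Airlock code. It contrasts the session-scoped exclusions (training data collection, anomaly detection) with the request-scoped response rule exceptions, and shows how first-match ordering can shadow a blocking rule. The regex-on-path matcher, the rule names, the `anomalous`/`bot_like` fields and the `log`/`block` action labels are assumptions made for the example.

```python
import re
from dataclasses import dataclass, field

# Assumption: a Traffic Matcher is modelled as a regex on the request path.
MATCHER = re.compile(r"^/status")

@dataclass
class Session:
    kept: list = field(default_factory=list)  # requests still usable for this session
    excluded: bool = False                    # latched by a session-scoped match

def feed(session, path, scope):
    """scope='session': training-data and detection exclusions.
    scope='request': response rule exceptions."""
    hit = MATCHER.search(path) is not None
    if scope == "session":
        if hit:
            session.excluded = True
            session.kept.clear()              # earlier requests are discarded
        if session.excluded:
            return "bypassed"                 # rest of the session is bypassed too
    elif hit:
        return "bypassed"                     # this request only
    session.kept.append(path)
    return "processed"

def replay(paths, scope):
    """Run a whole session; return per-request outcomes and what remains usable."""
    s = Session()
    return [feed(s, p, scope) for p in paths], s.kept

def first_match(rules, anomaly):
    """Return (name, action) of the first rule whose predicate matches."""
    for name, predicate, action in rules:
        if predicate(anomaly):
            return name, action
    return None, None

# Constructed sample session and rules (hypothetical names and fields).
PATHS = ["/login", "/account", "/status", "/transfer"]
LOG_FIRST = [("log-all", lambda a: a["anomalous"], "log"),
             ("block-bots", lambda a: a["anomalous"] and a["bot_like"], "block")]
BLOCK_FIRST = list(reversed(LOG_FIRST))

if __name__ == "__main__":
    for scope in ("session", "request"):
        print(scope, *replay(PATHS, scope))
    finding = {"anomalous": True, "bot_like": True}
    print(first_match(LOG_FIRST, finding), first_match(BLOCK_FIRST, finding))
```

In this model, a single `/status` request leaves nothing of the session usable under a session-scoped exclusion, so broad Traffic Matchers there create a detection blind spot for whole sessions; under a response rule exception only that one request is skipped.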