CLI analytics tool

The airlock-ml-analytics tool is a multi-purpose CLI application. It allows administrators to analyze collected session data.

Path to the tool:

/opt/airlock/ml-service/bin/airlock-ml-analytics

Use ./airlock-ml-analytics --help for a detailed description of the tool.

Main use-cases for the tool

  • Testing (dry-run) before applying new settings/configurations:
      • The tool can be used to apply different/customized configurations (e.g., with tuned thresholds) to ColdDB sessions for testing and evaluation purposes.
      • The resulting anomaly indicator values and anomaly indicator patterns will show the Airlock Anomaly Shield output based on the current test settings.
  • Statistics:
      • Generate percentage statistics of resulting indicator patterns on a given set of sessions (time frame, application).
      • This is useful to see which patterns are most common in your setup, or which would be most common for certain parameters.
  • Deep analysis of certain indicator properties:
      • Search sessions that match certain indicator properties such as indicator values, indicator pattern, number of active indicators, etc.
      • Sessions found this way may then be further analyzed using the Logviewer.
  • Generation of raw anomaly indicator values for evaluation:
      • Raw anomaly indicator values or resulting indicator patterns can be generated for a given session or even a set of sessions.
      • The data can be used to analyze why a session evaluation resulted in a specific pattern.

For a better understanding, we have created a mini-guide on how to integrate Airlock Anomaly Shield and how to use the CLI analytics tool with example data.