After collecting several thousands of sessions as training data, the machine learning model can be prepared and enforced as described in this article.
- Go to:
Application Firewall >> Anomaly Shield >> tab Applications - In the application list, click the button to manage the machine learning model of the application. The Anomaly Shield Model Management page opens up.
- Optional: In the section ColdDB Cluster Sync click Merge remote data, if the Gateway is operated in a cluster setup,
- In the section Training Task, select a period of training data with the following in mind:
- Select at least several thousand sessions of realistic production data.
- Select session data for a period of 35 days. It is important to train the machine learning model with the full range of different sessions and traffic behaviors that may occur in a typical calendar month.
- Click the Train button to create a prepared model. Note that training may take some time, depending on the number of selected sessions and the available system resources.
- In the section Prepared Model status OK appears. If the status is Incomplete or Empty, consider using a larger data set for training.
- In the section Prepared Model click the Enforce model button to enforce the prepared model for the Anomaly Shield application.
- The machine learning model is enforced with status OK.
Proceed with Part 3 – Trigger, pattern and rule configuration.