After collecting several thousands of sessions as training data, the machine learning model can be prepared and enforced as described in this article.
- Go to:
Application Firewall >> Anomaly Shield >> tab Applications - In the application list, click the
.theme/1.1/en-us.17710.Button_-_Manage_models_(gears_button)_original.svg)
button to manage the machine learning model of the application. The Anomaly Shield Model Management page opens up. - Optional: In the section ColdDB Cluster Sync click Merge remote data, if the Gateway is operated in a cluster setup,
- In the section Training Task, select a period of training data with the following in mind:
- Select at least several thousand sessions of realistic production data.
- Select session data for a period of 35 days. It is important to train the machine learning model with the full range of different sessions and traffic behaviors that may occur in a typical calendar month.
- Click the Train button to create a prepared model. Note that training may take some time, depending on the number of selected sessions and the available system resources.
- In the section Prepared Model status OK appears. If the status is Incomplete or Empty, consider using a larger data set for training.
- In the section Prepared Model click the Enforce model button to enforce the prepared model for the Anomaly Shield application.
- The machine learning model is enforced with status OK.
_applications_in_Data_Collection_mode.theme/1.2/en-us.AAS_(no_dropshadow)_applications_in_Data_Collection_mode_html.png)
Proceed with Part 3 – Trigger, pattern and rule configuration.