CLI analytics tool
The airlock-ml-analytics tool is a multi-purpose CLI application. It allows administrators to analyze collected session data.
Path to the tool:
/opt/airlock/ml-service/bin/airlock-ml-analytics
Info
Use ./airlock-ml-analytics --help for a detailed tool description.
Main use-cases for the tool
Testing (dry-run) before applying new settings/configurations:
- The tool can be used to apply different/customized configurations (e.g., with tuned thresholds) to ColdDB sessions for testing and evaluation purposes.
- The resulting anomaly indicator values and anomaly indicator patterns will show the Airlock Anomaly Shield output based on the current test settings.
Statistics:
- Generate percentage statistics of resulting indicator patterns on a given set of sessions (time frame, application).
- This is useful to see which patterns are most common in your setup, or which would be most common for certain parameters.
Deep analysis of certain indicator properties:
- Search sessions that match certain indicator properties such as indicator values, indicator pattern, number of active indicators, etc.
- Sessions found this way may then be further analyzed using the Logviewer.
Generation of raw anomaly indicator values for evaluation:
- Raw anomaly indicator values or resulting indicator patterns can be generated for a given session or even a set of sessions.
- The data can be used to analyze why a session evaluation resulted in a specific pattern.
Notice
For better understanding, we have created a mini-guide on how to integrate Airlock Anomaly Shield and how to use the CLI analytics tool with exemplary data.