Airlock Anomaly Shield Quick Start

Quick Start prerequisites

• The Quick Start will only be shown if no AS applications are configured.

Next Steps

• The Log Viewer provides a GATEWAY Anomaly Shield dashboard that visualizes the activity of Anomaly Shield and its detection capabilities.
• The Quick Start configures all AS applications with data collection, detection and response and automated retraining.
• After 35 days, the Anomaly Shield will automatically retrain and activate all models. You should see a considerable increase in detection capabilities with these models.
• It is possible to modify the configuration created by Quick Start. See Airlock Anomaly Shield configuration for an overview of the manual configuration.
• Quick Start will work without a license in log-only mode. Enabling Anomaly Shield to execute actions requires a license.

• Quick Start is ideal for achieving a simple initial configuration quickly. It is not a tool to configure complex setups. Once a configuration is present, the Quick Start can no longer be used.
• It is recommended that 35 days of collected data be used as input for model training to achieve the ideal effectiveness for the models. The Quick Start can train models with very little data, but the resulting models are much less effective. To compensate, the Quick Start configures the automated retraining, and after 35 days, new models will be trained and applied automatically.
• The Quick Start uses heuristics to identify 5 mappings that are most likely to profit from the Anomaly Shield protection. Quick Start does not support complex scenarios combining multiple mappings into a single AS application.
• The Quick Start will always use the default Triggers and Rules.

• For a general introduction, see: Airlock Anomaly Shield
• For information about the manual configuration see Airlock Anomaly Shield configuration.
• For a brief example of setup, usage and operation, see: Logs, tuning and advanced configuration