When the Detect or Enforce mode of Operations Behavior Anomaly Detection is selected, the Learning time option becomes available. You can specify the learning period for the target agents/group from the Learning time menu. Agents that have not yet established their own baselines then start learning, and once the learning period ends they automatically switch to the predefined Detect or Enforce mode.

See the following instructions for how to set the learning time.

  1. Go to Agents > Policy, scroll down and find the Operations Behavior Anomaly Detection pane. Select Detect or Enforce.
  2. The Learning time section appears.
  3. Scroll down and determine which security pillars (Script Behavior, User Login, or Application Behavior) you want to enable. Ensure you toggle on at least one of them for the agent-device to establish the associated baseline.
    Note: The three security pillars can be individually toggled on to guard separate vulnerability points, or you can enable them all for complete protection.
  4. Specify the learning period for the target agent-device from the Learning time menu.
  5. A progress bar displaying how many days are left for learning will appear on the Agents screen or the General Info page for the agent-device. See About the Agents Screen for more information.
    Note:
    • The learning time counts only when the target agent-device is powered on.

    • If you toggle on the security pillars separately, the specified learning period stays fixed, but the actual learning time displayed on the progress bar varies depending on when the last pillar is enabled. In addition, the agent switches to the predefined Detect or Enforce mode for each security pillar separately. See the following use case for more details.