Warehouse Analytics: Use a Whitelist in a Job

Document created by RSA Information Design and Development on Jul 31, 2016
Version 1Show Document
  • View in full screen mode
 

You can use a whitelists in a Warehouse Analytics Job so that the domains that are not suspicious can be ignored while processing. You can use whitelists only in the Suspicious Domains and Suspicious DNS Activity report.

Prerequisites

Make sure that:

  • You have created the whitelist. For example, a list of domains that are confirmed to not be suspicious or a whitelist of domains on which no DNS activities occur.  For more information on creating a list, see Add a List in the Reporting Guide.
  • You have downloaded the Warehouse Analytics Jobs from the Live Server. For more information, see Download Warehouse Analytics Model from Live Server.
  • You have understood the components of the Warehouse Analytics view. For more information, see Warehouse Analytics View.
  • You have understood the components of the Job Definition view. For more information, see Job Definition View.

Perform the following steps to add and schedule a job for execution:

  1. In the Security Analytics menu, click Reports.
    The Manage tab is displayed.
  2. Click Warehouse Analytics.
    The Warehouse Analytics view is displayed, as shown below:
    Deploy_screen.png
  3. In the Warehouse Analytics toolbar, click run_config_add.png.
    The Job definition tab is displayed.
  4. Define the job and the schedule. For more information, see Define a Warehouse Analytics Job.
  5. In the Advanced Options, do the following:
    1. In the Model Params field, enter the parameters to include the whitelist.
  • For Suspicious Domains model, enter the parameter name as model.suspiciousDomains.whiteList.file and select the list using WA_list.png. For more information, see Analyze a Suspicious Domains Report.
  • For Suspicious DNS Activity model, enter the parameter name as model.dns.whiteList.file and select the list using WA_list.png. For more information, see Analyze a Suspicious DNS Activity Report.  

WA_UsingWatchlists.png

  1. Click Save.
    The scheduled job executes as scheduled and provides the configured outputs.
You are here: Step 3. Configure Warehouse Analytics Models > Use a Whitelist in a Warehouse Analytics Job

Attachments

    Outcomes