Warehouse Analytics: Use a Whitelist

Document created by RSA Information Design and Development on Mar 21, 2017
Version 1Show Document
  • View in full screen mode
  

This topic provides instructions on how you can use whitelists in a Warehouse Analytics job. You can use a whitelist in a Warehouse Analytics job so that domains that are not suspicious can be ignored while processing. You can use whitelists only in the Suspicious Domains and Suspicious DNS Activity report.

Prerequisites

Make sure that:

  • You have created the whitelist. For example, a list of domains that are confirmed to not be suspicious or a whitelist of domains on which no DNS activities occur.  For more information on creating a list, see Add a list topic in the Reporting Guide.
  • You have downloaded the Warehouse Analytics Jobs from the Live Server. For more information, see Deploy Warehouse Analytics Models.
  • You understand the components of the Warehouse Analytics view. For more information, see Warehouse Analytics View.
  • You understand the components of the Job Definition view. For more information, see Job Definition View.

Procedure

Perform the following steps to add and schedule a job for execution:

  1. In the Security Analytics menu, click Reports.
    The Manage tab is displayed.
  2. Click Warehouse Analytics.
    The Warehouse Analytics view is displayed.
  3. In the Warehouse Analytics toolbar, click run_config_add.png.
    The Job definition tab is displayed.
  4. Define the job and the schedule. For more information, see Step 3. Configure Warehouse Analytics Models.
  5. In the Advanced Options:
    1. In the Model Params field, enter the parameters to include the whitelist.
  • For Suspicious Domains model, enter the parameter name as model.suspiciousDomains.whiteList.file and select the list using WA_list.png. For more information, see Analyze a Suspicious Domains Report.
  • For Suspicious DNS Activity model, enter the parameter name as model.dns.whiteList.file and select the list using WA_list.png. For more information, see Analyze a Suspicious DNS Activity Report.  

WA_UsingWatchlists.png

  1. Click Save.
    The Warehouse Analytics executes the job scheduled and provides the configured outputs.
You are here
Table of Contents > Required Procedures > Step 3. Configure Warehouse Analytics Models > Use a Whitelist in a Warehouse Analytics Job

Attachments

    Outcomes