Supervised Learning Overview

Supervised Learning (SL) uses machine learning to predict future behavior based on previous behavior in your organization. This reduces the amount of rule-tuning you need to do, therefore reducing the number of alerts generated in your Distributed Cloud AIP environment.

SL alerts differ from rule-based alerts in that you do not need to set up a specific rule to enable SL. SL quickly deploys to any existing organization and starts working with no tuning on your end.

SL generates alerts for environments based on process execution type rules (rules which include the following clause: event_type = "audit").

Important

Currently, you cannot view the rule that enables SL in your organization. This functionality will be available in a future release.

Access SL Alerts
  1. Log into Distributed Cloud AIP.
  2. In the left navigation pane, click the Alerts tab. The Alerts page displays.
  3. At the top of the page, click the Supervised Learning tab. The Supervised Learning page displays.

    sl-page.png

On the Supervised Learning page, you can view a list of alerts that SL has generated, and other information such as the severity level and certainty score.

  • Certainty score: Determines how predictable the triggering event was by comparing it to the threshold that is set for this rule. This threshold is automatically determined during training to reduce false positive rates. If SL determines the event to be below the predictable level, an alert generates.
Enable SL Alert Notifications

You can enable notifications for Supervised Learning alerts the same way you can for other types of alerts: through push notifications on a supported third-party platform and/or in a daily alert email report.

Dismiss or Suppress SL Alerts
  1. Click the Supervised Learning tab. The Supervised Learning page displays.
  2. Click any active alert in the Alert Filters section. The Alert Details menu opens.
    SL-page.png
  3. On the Alert Details menu, you can:
    1. View a summary of contributing events in the Highlights section, and further details in the Contributing Events section below.
    2. Suppress the SL alert. For more information, see Suppress an Alert.
    3. Dismiss the SL alert. For more information, see Life Cycle of an Alert.
      sl-alert-details.png

 

Was this article helpful?
0 out of 0 found this helpful