Step 5 - Start the New-Scale Analytics Engine
The goal of this step is to start the New-Scale Analytics detection engine. This task involves enabling the available analytics rules in Threat Detection Manager and training the analytics engine on the rules. This procedure ensures that the New-Scale Analytics engine can begin processing events against baseline behavior and detecting anomalies.
On the New-Scale Security Operations Platform home page, navigate to the Security Management column and click the Threat Detection Management tile.
Because this procedure is part of a new deployment, Threat Detection Management opens with a dialog box indicating that no rules on the Analytics Rules tab are enabled yet. Click Enable <n> Rules to enable all of the available analytics rules.
The enabled analytics rules are listed as pending in the Engine Status panel in the top left corner of the Analytics Rules tab. These pending rule changes must be processed in order to start the New-Scale Analytics engine.
In the Engine Status panel, click View Changes. A list of the changed analytics rules opens along with multiple options for processing them.
Use the steps below to apply the analytics rule changes and start the New-Scale Analytics engine. Rules will trigger only on real-time data after the training is complete.
Note
Retraining is possible only for days when the New-Scale Analytics detection engine had data filtered to it. Empty training days will be skipped.
Click Apply Changes and Re-train.
Then click Apply Rule Changes.
When prompted, click Confirm. The New-Scale Analytics engine begins processing. You will not be able to stop it or train new analytics rules until training is complete.
When the processing has begun, the Analytics Rules tab is redisplayed and you can monitor the progress in the Engine Status panel in the top left corner.