GuardAPI Investigation Dashboard Functions

Use these GuardAPI commands to enable, disable, or configure Investigation Dashboard features and parameters.

disable_quick_search

Note that the Investigation Dashboard includes the Quick Search Results Table in addition to the Activity Chart and various other pre-defined charts; disabling quick search disables the dashboard as a whole.

Disable Investigation Dashboard functionality.

grdapi disable_quick_search

Parameter Value Description
all true or false

In an environment with a Central Manager, use this parameter to disable search on all managed units. For example, all=true.

This parameter is optional.

api_target_host hostname or IP address

Used only in a central management configuration. Specifies the target host(s) on which the API executes; when not specified, the command runs on the unit on which it is entered. Valid values:
  • all_managed: all managed units
  • all: all managed units and the CM
  • group:<group name>: a group of managed units
  • from the CM only, the host name or IP address of any managed unit, for example api_target_host=10.0.1.123
  • from a managed unit, the host name or IP address of the CM

This parameter is optional.

enable_quick_search

Enable Investigation Dashboard functionality.

grdapi enable_quick_search schedule_interval=[value] schedule_units=[value]

For example, the following command enables the Investigation Dashboard with a 2-minute data extraction interval: grdapi enable_quick_search schedule_interval=2 schedule_units=MINUTE.

Parameter Value Description
all true or false

In an environment with a Central Manager, use this parameter to enable search on all managed units. For example, all=true.

This parameter is optional.

api_target_host hostname or IP address

Used only in a central management configuration. Specifies the target host(s) on which the API executes; when not specified, the command runs on the unit on which it is entered. Valid values:
  • all_managed: all managed units
  • all: all managed units and the CM
  • group:<group name>: a group of managed units
  • from the CM only, the host name or IP address of any managed unit, for example api_target_host=10.0.1.123
  • from a managed unit, the host name or IP address of the CM

This parameter is optional.

extraction_start date

The date from which to start extracting audit data for search. If this parameter is omitted, extraction starts immediately.

This parameter is optional.

includeViolations true or false

Determine whether to include violations in the search indexes. Omitting violations can help reduce the size of search indexes.

This parameter is optional.

schedule_interval integer

Used with the schedule_units parameter to define the interval for extracting audit data. For example, schedule_interval=2 schedule_units=MINUTE.

This parameter is required.

schedule_start date

Date on which to begin following the extraction interval defined by the schedule_interval and schedule_units parameters.

This parameter is optional.

schedule_units HOUR or MINUTE

Used with the schedule_interval parameter to define the interval for extracting audit data. For example, schedule_interval=2 schedule_units=MINUTE.

This parameter is required.

set_enterprise_search_options

Define the search mode for the Investigation Dashboard.

grdapi set_enterprise_search_options distributed_search=[value]

For example, the following command sets all_machines mode, so that data from across the entire Guardium environment can be searched from any Guardium machine in that environment: grdapi set_enterprise_search_options distributed_search=all_machines.

Parameter Value Description
api_target_host hostname or IP address

Used only in a central management configuration. Specifies the target host(s) on which the API executes; when not specified, the command runs on the unit on which it is entered. Valid values:
  • all_managed: all managed units
  • all: all managed units and the CM
  • group:<group name>: a group of managed units
  • from the CM only, the host name or IP address of any managed unit, for example api_target_host=10.0.1.123
  • from a managed unit, the host name or IP address of the CM

This parameter is optional.

distributed_search cm_only, local_only, or all_machines
  • cm_only: Searches submitted from the Central Manager return results from across the Guardium environment; searches submitted from a managed unit return only the local results of that managed unit.
  • local_only: Searches submitted from any machine return results from that machine only. There is no ability to search data from across the Guardium environment.
  • all_machines: Searches can be submitted from any machine and return results from across the Guardium environment.

This parameter is required. The default search mode is cm_only.
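As an added example (not IBM's code; this page documents the grdapi CLI, not a Python API), the following Python helper composes grdapi lines for the three commands above, enable_quick_search, disable_quick_search and set_enterprise_search_options, and refuses any value outside the grammar the parameter tables give: schedule_units must be HOUR or MINUTE, distributed_search must be one of the three modes, and api_target_host must be all_managed, all, group:<name>, or a host name or IP address. Two assumptions are labelled in the code: the date parameters are emitted as YYYY-MM-DD because the page does not state the format Guardium accepts, and values containing whitespace or shell metacharacters are rejected rather than quoted because grdapi's quoting rules are not given here. The function names are hypothetical.

```python
"""Compose and validate grdapi lines for the Investigation Dashboard.

Added example, not IBM Guardium code. grdapi is not executed here; each
build_* function returns the exact line to type into the Guardium CLI (or
to send over an automation channel) after checking the parameters.
"""
import ipaddress
import re
from datetime import date
from typing import List, Optional, Tuple

SCHEDULE_UNITS = {"HOUR", "MINUTE"}
SEARCH_MODES = {"cm_only", "local_only", "all_machines"}
TARGET_KEYWORDS = {"all_managed", "all"}

# RFC 1123 hostname labels; used only to sanity-check api_target_host.
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_HOSTNAME_RE = re.compile(rf"^{_LABEL}(\.{_LABEL})*$")
# Assumption: grdapi quoting rules are not documented on the page, so a value
# that could split the line or smuggle in a second parameter is refused.
_UNSAFE_RE = re.compile(r"[\s;&|<>`$\"'\\]")


def _is_host(value: str) -> bool:
    """True for an IPv4/IPv6 literal or a syntactically valid hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return _HOSTNAME_RE.match(value) is not None


def validate_api_target_host(value: str) -> str:
    """Accept all_managed, all, group:<name>, or a host name / IP address.

    Whether a host value must be a managed unit or the CM depends on where
    the command is entered (CM -> managed unit, managed unit -> CM); that
    cannot be checked offline, so only the grammar is enforced here.
    """
    if value in TARGET_KEYWORDS:
        return value
    if value.startswith("group:"):
        name = value[len("group:"):]
        if not name or _UNSAFE_RE.search(name):
            raise ValueError(f"invalid group name in api_target_host: {value!r}")
        return value
    if _is_host(value):
        return value
    raise ValueError(f"invalid api_target_host: {value!r}")


def _bool(flag: bool) -> str:
    return "true" if flag else "false"


def _join(command: str, params: List[Tuple[str, str]]) -> str:
    """Assemble 'grdapi <command> k=v ...', rejecting unsafe values."""
    for _, v in params:
        if _UNSAFE_RE.search(v):
            raise ValueError(f"unsafe characters in parameter value: {v!r}")
    return " ".join(["grdapi", command] + [f"{k}={v}" for k, v in params])


def build_enable_quick_search(schedule_interval: int, schedule_units: str, *,
                              all_units: Optional[bool] = None,
                              api_target_host: Optional[str] = None,
                              extraction_start: Optional[date] = None,
                              include_violations: Optional[bool] = None,
                              schedule_start: Optional[date] = None) -> str:
    """The two required scheduling parameters first, then optional ones."""
    if (isinstance(schedule_interval, bool) or not isinstance(schedule_interval, int)
            or schedule_interval < 1):
        raise ValueError("schedule_interval must be a positive integer")
    units = schedule_units.upper()
    if units not in SCHEDULE_UNITS:
        raise ValueError("schedule_units must be HOUR or MINUTE")
    params = [("schedule_interval", str(schedule_interval)), ("schedule_units", units)]
    if all_units is not None:
        params.append(("all", _bool(all_units)))
    if api_target_host is not None:
        params.append(("api_target_host", validate_api_target_host(api_target_host)))
    if extraction_start is not None:  # assumption: YYYY-MM-DD date format
        params.append(("extraction_start", extraction_start.isoformat()))
    if include_violations is not None:
        params.append(("includeViolations", _bool(include_violations)))
    if schedule_start is not None:  # assumption: YYYY-MM-DD date format
        params.append(("schedule_start", schedule_start.isoformat()))
    return _join("enable_quick_search", params)


def build_disable_quick_search(*, all_units: Optional[bool] = None,
                               api_target_host: Optional[str] = None) -> str:
    params: List[Tuple[str, str]] = []
    if all_units is not None:
        params.append(("all", _bool(all_units)))
    if api_target_host is not None:
        params.append(("api_target_host", validate_api_target_host(api_target_host)))
    return _join("disable_quick_search", params)


def build_set_enterprise_search_options(distributed_search: str, *,
                                        api_target_host: Optional[str] = None) -> str:
    if distributed_search not in SEARCH_MODES:
        raise ValueError("distributed_search must be cm_only, local_only or all_machines")
    params = [("distributed_search", distributed_search)]
    if api_target_host is not None:
        params.append(("api_target_host", validate_api_target_host(api_target_host)))
    return _join("set_enterprise_search_options", params)


if __name__ == "__main__":
    print(build_enable_quick_search(2, "MINUTE"))
    print(build_set_enterprise_search_options("all_machines"))
```

Note that widening distributed_search from the default cm_only to all_machines lets a search submitted on any managed unit pull audit data from the whole environment, so an operator on one collector sees data from every other one; keep that in mind before scripting the change across units with api_target_host=all.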