GuardAPI Investigation Dashboard Functions
Use these GuardAPI commands to enable, disable, or configure Investigation Dashboard features and parameters.
disable_quick_search
Disable Investigation Dashboard functionality.
Note that the Investigation Dashboard includes the Quick Search Results Table in addition to the Activity Chart and various other pre-defined charts.
grdapi disable_quick_search
Parameter | Value | Description |
---|---|---|
all | true or false | In an environment with a Central Manager, use this parameter to disable search on all managed units. For example, all=true. This parameter is optional. |
api_target_host | hostname or IP address | In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM. Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which the command is executed. This parameter is optional. Valid values: |
enable_quick_search
Enable Investigation Dashboard functionality.
grdapi enable_quick_search schedule_interval=[value] schedule_units=[value]
For example, the following command enables the Investigation Dashboard with a 2-minute data extraction interval: grdapi enable_quick_search schedule_interval=2 schedule_units=MINUTE.
Parameter | Value | Description |
---|---|---|
all | true or false | In an environment with a Central Manager, use this parameter to enable search on all managed units. For example, all=true. This parameter is optional. |
api_target_host | hostname or IP address | In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM. Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which the command is executed. This parameter is optional. Valid values: |
extraction_start | date | Define the date by which to start the extraction of audit data for search. If this parameter is omitted, extraction starts immediately. This parameter is optional. |
includeViolations | true or false | Determine whether to include violations in the search indexes. Omitting violations can help reduce the size of search indexes. This parameter is optional. |
schedule_interval | integer | Used with the schedule_units parameter to define the interval for extracting audit data. For example, schedule_interval=2 schedule_units=MINUTE. This parameter is required. |
schedule_start | date | Date on which to begin following the extraction interval defined by the schedule_interval and schedule_units parameters. This parameter is optional. |
schedule_units | HOUR or MINUTE | Used with the schedule_interval parameter to define the interval for extracting audit data. For example, schedule_interval=2 schedule_units=MINUTE. This parameter is required. |
set_enterprise_search_options
Define the search mode for the Investigation Dashboard.
grdapi set_enterprise_search_options distributed_search=[value]
For example, the following command configures the Investigation Dashboard in all_machines mode to allow searching of data across the entire Guardium environment from any Guardium machine in that environment: grdapi set_enterprise_search_options distributed_search=all_machines.
Parameter | Value | Description |
---|---|---|
api_target_host | hostname or IP address | In a central management configuration only, specifies a target host where the API will execute. On a Central Manager (CM) the value is the host name or IP of any managed units. On a managed unit it is the host name or IP of the CM. Optional parameter that specifies the target host(s) to execute the API. When not specified, it defaults to the unit on which the command is executed. This parameter is optional. Valid values: |
distributed_search | cm_only, local_only, or all_machines | This parameter is required, and the default value is cm_only. |
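
As an added example (not part of the product documentation or its code), the following Python helper builds the three commands documented on this page from caller-supplied values and rejects anything the parameter tables do not allow, so that a value such as "2 all=true" read from an inventory file cannot smuggle an extra parameter into the command line. The name build_grdapi, the host character set, and the positive-integer rule for schedule_interval are assumptions; the date parameters are left out because the page does not state their format.

```python
import re

BOOL = {"true", "false"}
# Assumption: characters accepted for a host name or IP address.
HOST = re.compile(r"[A-Za-z0-9._:-]+")
# Assumption: the "integer" interval must be a positive whole number.
INTERVAL = re.compile(r"[1-9][0-9]*")

# command -> (allowed parameters and their rules, required parameters),
# transcribed from the parameter tables on this page (date parameters omitted).
COMMANDS = {
    "disable_quick_search": ({"all": BOOL, "api_target_host": HOST}, set()),
    "enable_quick_search": (
        {"all": BOOL, "api_target_host": HOST, "includeViolations": BOOL,
         "schedule_interval": INTERVAL,
         "schedule_units": {"HOUR", "MINUTE"}},
        {"schedule_interval", "schedule_units"},
    ),
    "set_enterprise_search_options": (
        {"api_target_host": HOST,
         "distributed_search": {"cm_only", "local_only", "all_machines"}},
        {"distributed_search"},
    ),
}


def build_grdapi(command, **params):
    """Return a validated 'grdapi ...' line, or raise ValueError."""
    if command not in COMMANDS:
        raise ValueError(f"unknown command: {command}")
    allowed, required = COMMANDS[command]
    missing = required - set(params)
    if missing:
        raise ValueError(f"{command}: missing required {sorted(missing)}")
    parts = ["grdapi", command]
    for name, value in params.items():
        rule = allowed.get(name)
        if rule is None:
            raise ValueError(f"{command}: unsupported parameter {name}")
        value = str(value)
        # Sets are exact enumerations; patterns must match the whole value,
        # which also rejects spaces and newlines that would add parameters.
        ok = value in rule if isinstance(rule, set) else rule.fullmatch(value)
        if not ok:
            raise ValueError(f"{name}: invalid value {value!r}")
        parts.append(f"{name}={value}")
    return " ".join(parts)
```

Boolean parameters are passed as the strings "true" or "false", matching the values in the tables.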