ML dimensions

The Admin > Alarm Monitor > ML Dimensions page is the management view for the feature dimensions covered by the Plixer ML Engine’s network behavior models.

Note

The Plixer ML Engine is part of the Plixer One Enterprise solution. Contact Plixer Technical Support to learn more.

The page’s main view/table lists the following details for all dimensions currently defined:

Status

Current state the dimension is set to (green: Enabled, grey: Disabled)

Protocol

Communication protocol

Port

Communication port

Internal Only

Option to interrogate only internal communications

Used For

Type of inclusion/source the dimension is applied to

Aggregation

Flow template field used for data aggregation

Grouped By

Flow template field used to group observed flow data

Created By

User ID of dimension creator

Last Modified

Date and time the definition was last modified

Clicking on a dimension opens the details/settings tray, where the dimension can be enabled/disabled and configured to only apply to internal traffic.

Adding a new dimension

Additional feature dimensions can be defined from the ML Dimensions management view as follows:

  1. In the main view, click the + button to open the Add Dimension tray.

  2. Select which inclusion type the dimension should apply to (hosts/subnets or exporter interfaces).

  3. In the secondary tray, fill in the form with the following information:

    • A name for the dimension

    • Flow template field to use for grouping (can only be changed for host dimensions)

    • Aggregation method/field

    • Communication protocol to monitor

    • Port to monitor

  4. [Optional] To monitor only internal traffic for the dimension, toggle on Internal Only.

  5. [Optional] To add the dimension in a disabled state, use the Enabled toggle.

  6. Verify that the details and settings entered are correct and then click the Add button.

Once added, host dimensions (prefixed with CLIENT-) and exporter dimensions (prefixed with NET-) will be included in the main table/view. Settings for existing dimensions can be edited at any time by clicking on them to open the configuration tray.

Deleting dimensions

To delete feature dimensions, select one or more dimensions using the checkboxes in the list/table, and then select the Delete option in the bulk actions tray.

Alternatively, feature dimensions can instead be disabled (either individually or as a bulk action) to retain the definitions.

Dimensions can also be disabled and re-enabled from the bulk actions tray if the definitions need to be retained for future use.

Note

The Bulk Actions button is only available when one or more items are selected in the main table/view.