MicroAI Security on Windows
To start running MicroAI Security on your Windows device, you must first register a device profile for Security. Log in to your Launchpad account and click on create profile.
Next, create a unique profile name; we recommend using something easily recognizable. Then, under “Use Case”, pick “Security and Monitoring” and click “Next”.
Next is the “Health Groups” tab. For security, the channels we monitor are kept hidden to provide even more security to your device. There are two Health Groups under Security, and both have the same variables and sliders as the Health Groups for AtomML+, because they both run on the same technology. We will explain each slider in detail.
Health Group Parameters Explanation
Hysteresis 1 and 2: Control the speed at which a health score increases. The larger the value, the slower the increase. All values over 1 cause the health score to increase slower than it decreases.
Aging: Controls the rate of change in the health score (0,1). The higher the value, the lower the rate of change.
Memory: Coefficient to control how much previous data is remembered (0,1). The closer to one, the more data is considered.
Noise: Expected false positive rate. The higher the value, the more abnormal data is ignored.
Intensity: Coefficient to control the weight of abnormal channels that are far from the normal bounds. Should not be set higher than the number of total channels.
DTNM: Days to Maintenance is the health score scaled to the nominal maintenance interval, minus the amount of time that has passed since maintenance has occurred.
Note
Nominal Maintenance Interval (NMI): Provided by the user. This value is the length of the maintenance cycle of the monitored equipment.
Below DTNM, you will see three more sliders. RL is the number of days of operation expected on the device before it is permanently out of commission; it is similar to NMI, but for the end of life instead of maintenance. PdM is the algorithm for predictive maintenance. K is the noise value for the remaining life algorithm.
AI General Parameters Explanation
Training Secs: Controls the number of seconds that the AI trains for. The default is 300 seconds, but it can be modified at the user's discretion.
Split Counter: Referred to as the period of the device’s behavior.
Important
Training Secs should be 10 times longer than Split Counter for ideal training time.
AI Feed Rate: The rate at which data is accepted by the AI. We recommend 1000 milliseconds, but you can modify it to your needs.
Small Threshold: Determines the minimum distance between the upper and lower bounds that they can converge to.
Initial Period Secs: How long AtomML delays sending data to the AI to begin training or executing.
Health Score Delay: The delay in loops between the AI starting and the health score calculation.
Bounds Limit: A flag for the AI on whether or not it should calculate hard bounds for each channel that the upper and lower bounds can never cross.
Build Model: A flag to tell the AI to build the model or not. By default, if there is no model available, the AI will automatically build one. This button is used if you want to replace the previous AI model with a new one with parameters tuned to the user’s discretion.
AI Nominal only has two parameters, “Training Secs” and “Build Model”. These parameters follow the same requirements needed for AI General.
IMPORTANT! AI Nominal Training Secs must be equal to Training Secs in AI General.
Y Code Parameters Explanation
Max Rows: How you set the amount of data. Essentially how many messages to keep stored and to send when the trigger occurs.
Max Secs: How you set the amount of time. Every loop we check the age of one row (or message if you prefer) and ensure that it is young enough to warrant keeping.
Post Event: The amount of time to operate in continuous mode after the trigger event. This is to give the user the context both before and after the trigger event.
Synchronous Frequency (ms): The time period at which we generate a sync packet. Should not be run faster than the AIEngine Feed Rate.
Max Asynchronous Frequency (ms): The time period at which we generate an async packet. Should not really be run slower than the AIEngine Feed Rate; however, that is not a hard rule that we enforce.
Launchpad Exporter: Enable this to send data to Launchpad. We recommend keeping this on.
External Exporter: Only applies to specific use cases. Please disregard unless you fall under that category.
AIStudio Exporter: An additional feature that will be added later to Launchpad and will be explained in another section.
Email Notification Exporter: If you would like email notifications for your device, you can set up the “Email Notification Exporter” accordingly.
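The parameters above carry several cross-section rules (matching Training Secs values, the 10x Split Counter guideline, and the exporter periods relative to the AI Feed Rate). The following check is an added example, not MicroAI code: the dictionary keys are hypothetical names for values copied by hand from a Launchpad profile, Split Counter is assumed to be in seconds, and the (0,1) ranges are treated as open intervals.

```python
# Added example. Key names are hypothetical; they are not a Launchpad schema.
SAMPLE_PROFILE = {  # constructed values for illustration
    "health_groups": {
        "group_1": {"aging": 0.5, "memory": 0.9},
        "group_2": {"aging": 0.5, "memory": 0.9},
    },
    "ai_general": {"training_secs": 300, "split_counter": 30, "feed_rate_ms": 1000},
    "ai_nominal": {"training_secs": 300},
    "y_code": {"sync_ms": 1000, "max_async_ms": 500},
}


def check_profile(profile):
    """Return (errors, warnings) for the cross-parameter rules on this page."""
    errors, warnings = [], []
    gen, nom, y = profile["ai_general"], profile["ai_nominal"], profile["y_code"]

    # Aging and Memory are documented with the range (0,1); treated here as open.
    for group, params in profile["health_groups"].items():
        for name in ("aging", "memory"):
            if not 0 < params[name] < 1:
                errors.append(f"{group}.{name} outside (0,1)")

    # Stated as a must: both Training Secs values have to match.
    if nom["training_secs"] != gen["training_secs"]:
        errors.append("ai_nominal.training_secs != ai_general.training_secs")

    # Stated as ideal: Training Secs at least 10x Split Counter (same unit assumed).
    if gen["training_secs"] < 10 * gen["split_counter"]:
        warnings.append("training_secs is less than 10x split_counter")

    # Both values are periods in ms, so "faster" means a smaller number.
    if y["sync_ms"] < gen["feed_rate_ms"]:
        warnings.append("sync_ms is faster than feed_rate_ms")
    if y["max_async_ms"] > gen["feed_rate_ms"]:
        warnings.append("max_async_ms is slower than feed_rate_ms")

    return errors, warnings


if __name__ == "__main__":
    errs, warns = check_profile(SAMPLE_PROFILE)
    for msg in errs:
        print("ERROR:", msg)
    for msg in warns:
        print("WARN:", msg)
```

Errors correspond to rules the page states as requirements; warnings correspond to rules it states as recommendations.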
Now we will begin executing security for Windows. Once you enter your payment information, you will see several dropdowns in the last tab. For Windows, you will download the installer for security.
Run the installer. It will ask you to download any Windows requirements needed to run the installer or MicroAI Security.
The installer will ask for the API key associated with your Security Profile. If you go back to your profile and open the first tab, you will see a profile key that you can copy. Copy and paste this into the API key field in the installer.
After you enter the API key, the installer will automatically register your Windows device and begin monitoring.
You can go to the “Apps” tab in the sidebar on Launchpad and click on “Security and Monitoring”. This will open a dashboard that shows all active devices. Click on your device and it will open the Dashboard where monitoring data will be sent.
If you are versed in running ethical hacks, you can begin testing MicroAI Security and see real-time reports of port scans, unusual packet data, and more.