The Custom Model Support Architecture
The following diagram helps you understand the custom model support architecture:
The following table describes the components involved in the custom model support architecture:
| Component | Description |
|---|---|
| Intelligence Tuning API | API that provides a way of registering a custom model with Intelligence. By registering the model, you are importing the model into Intelligence. This API also allows for the management of the custom models. |
| Database |
When a model is registered through the Intelligence Tuning API, the PMML file and the other metadata of the model are stored in the BYOM_meta table of the database. The database also stores the raw events (incoming data from different data sources) in the Raw events table. In addition to events, the database stores the Intelligence analytics data in the Anomalies table and the Entities risk score table. |
| Intelligence Analytics | Performs the vital task of determining individual behavioral baselines, and then discovering and ranking deviations from those baselines. It reads data from the Raw events table and uses the model with the help of the model data in the BYOM meta table to generate the analytics data, that is, anomalies in the Anomalies table and entities' scores in the Entities risk score table. It also stores the analytics data in Elasticsearch. |
| Elasticsearch | Elasticsearch is an open source, broadly-distributable and easily-scalable enterprise-grade search engine. Elasticsearch houses all the Intelligence analytics results and raw events, and it provides all the data that drives the user interface. |
| Intelligence API |
Intelligence API reads data from Elasticsearch and provides the REST API from which Intelligence UI gathers the Intelligence analytics results and raw events. |
| Intelligence UI | Provides a rich user interface that allows you to visually explore the Intelligence analytics results and raw events in the Intelligence dashboard. |