Using custom rules and filters to your advantage
While the anomaly detection jobs are incredibly useful, they are also agnostic to the domain and to the relevance of the raw data. In other words, the unsupervised machine learning algorithms do not know that a tenfold increase in CPU utilization (from 1% to 10%, for example) may not matter to the proper operation of an application, even though it may be statistically anomalous (unlikely) in that scenario. Likewise, the anomaly detection jobs treat every analyzed entity equally, but the user might want to disregard results for a certain IP address or user ID, knowing that anomalies found for these entities are not desired or useful. Custom rules and filters allow the user to inject domain knowledge into the anomaly detection job configuration, giving a fair amount of control over what gets deemed or marked anomalous, or even whether entities get considered part of the modeling process in...
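The two cases above (a low CPU value that is statistically unlikely, and entities whose results are unwanted) can be written as a filter plus two custom rules. This is an added example, not code from the original text. It assumes the jobs are Elastic Stack machine learning anomaly detection jobs; the filter id `ignored_ips`, the field names `cpu_pct` and `host_ip`, and the addresses are constructed, and `rule_applies` is a simplified local model of rule matching, not Elastic's implementation.

```python
import operator

# Body for PUT _ml/filters/ignored_ips (filter id and addresses are constructed).
IGNORED_IPS_FILTER = {
    "description": "Entities whose anomalies are not useful",
    "items": ["192.0.2.10", "192.0.2.11"],
}

# One entry for analysis_config.detectors in the job configuration.
# Field names cpu_pct and host_ip are assumptions for this example.
DETECTOR = {
    "function": "high_mean",
    "field_name": "cpu_pct",
    "partition_field_name": "host_ip",  # a scope field must be a by/over/partition field
    "custom_rules": [
        # Domain knowledge 1: CPU under 10% never matters, however unlikely.
        {"actions": ["skip_result"],
         "conditions": [{"applies_to": "actual", "operator": "lt", "value": 10.0}]},
        # Domain knowledge 2: drop results for the listed entities and keep
        # their data from updating the model.
        {"actions": ["skip_result", "skip_model_update"],
         "scope": {"host_ip": {"filter_id": "ignored_ips", "filter_type": "include"}}},
    ],
}

_OPS = {"lt": operator.lt, "lte": operator.le, "gt": operator.gt, "gte": operator.ge}

def rule_applies(rule, record, filters):
    """Local model of rule matching: the scope and every condition must hold."""
    for field, scope in rule.get("scope", {}).items():
        listed = record.get(field) in filters[scope["filter_id"]]["items"]
        if listed != (scope.get("filter_type", "include") == "include"):
            return False
    return all(_OPS[c["operator"]](record[c["applies_to"]], c["value"])
               for c in rule.get("conditions", []))

def actions_for(record, detector=DETECTOR, filters=None):
    """Return the set of rule actions that would fire for one bucket result."""
    filters = filters or {"ignored_ips": IGNORED_IPS_FILTER}
    fired = set()
    for rule in detector["custom_rules"]:
        if rule_applies(rule, record, filters):
            fired.update(rule["actions"])
    return fired
```

A rule with only `conditions` applies to every entity, and a rule with only `scope` applies to every value for the listed entities, so the two kinds of domain knowledge stay independent of each other.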