Kaspersky CyberTrace Web opens with the Dashboard tab selected. The Dashboard displays the statistics of the work of Kaspersky CyberTrace and contains several sections:
Note that if Feed Service works in ReplyBack mode or you use Log Scanner in report mode (with the -r
or --report
command-line option), Kaspersky CyberTrace does not keep the statistics of the detection events and the Dashboard does not display the statistics. To save detection statistics in ReplyBack mode, use the X-KF-SaveStatistic flag.
When switching from demo feeds to commercial feeds, it takes some time to load the indicators and to update the statistics. During that time, the Dashboard may display insufficient information.
Starting from Kaspersky CyberTrace version 4.0, you can view the statistics of the work of Kaspersky CyberTrace in flexible full-screen mode. This feature allows Kaspersky CyberTrace to fit all sections below (except the Suppliers intersections table) on a single Full HD display, without scrollbars.
Specifying the statistics period
You specify the time period for displaying statistics by selecting one of the Time range options on the Dashboard tab. You can select one of the following periods:
Kaspersky CyberTrace Web Dashboard. Time ranges for statistics display
Enabling automatic data updates
You can enable automatic data updates on a regular basis by clicking the Auto-update dashboard toggle button. Kaspersky CyberTrace can automatically update all data from the Dashboard tab. Kaspersky CyberTrace updates data every minute. If you enable automatic updating and if your user account role is Analyst, the session will not expire as long as you stay on the Dashboard tab.
By default, automatic updating is disabled.
Statistics overview
This section provides an overview of detection statistics and contains the following items:
The graph is displayed when the Checked objects button is selected.
A line graph displays statistics of detections on points. Such detections occurred during the specified period. The time scale is divided into hours, days, or weeks, depending on the specified period.
The graph is displayed when the Number of detections button is selected.
A line graph displays the number of detected indicators during the specified period. The time scale is divided into hours, days, or weeks, depending on the specified period.
The graph is displayed when the Number of detected indicators button is selected.
Kaspersky CyberTrace Web Dashboard. Statistics overview
Supplier statistics
This section provides detection statistics, organized by supplier, and contains the following items:
The table contains the following columns with data:
If an indicator is present in multiple suppliers, duplications of this indicator are discarded from the total number.
If an error occurs during an attempt to update a supplier, Kaspersky CyberTrace will display a notification about it.
The table also gives a total for each column.
If a supplier is not loaded or is loaded only partially because of license restrictions, this supplier will be marked explicitly with a warning symbol ().
This donut chart is displayed when the Detected button is selected. When you hover your mouse over a slice of the ring, the supplier name, number of detections, and percentage of total detections will appear.
Supplier statistics
This donut chart is displayed when the False positives button is selected. Hover your mouse over a slice of the ring: the supplier name, number of false positive indicators, and percentage of total false positive indicators will appear.
If the false positives list contains records, the Supplier statistics table has a row with False Positives in the Supplier name column and the size of the false positives list in the Indicators column. Other columns in this row contain 0.
If the Internal TI list contains records, the Supplier statistics table has a row with Internal TI in the Supplier name column and the size of the Internal TI list in the Indicators column. The Detected column in this row contains the number of detections against the Internal TI list, and the False positives column contains 0.
If you disable or remove a previously enabled supplier, this supplier will still be displayed in the table. Values in the Detected and False positives columns will reflect the number of true and false detections produced by this supplier while it was enabled, but the value in the Indicators column will always remain a hyphen (-). To check whether a supplier is disabled, hover your mouse over a string with the supplier name: if the supplier is disabled, a window with the supplier status appears.
Indicator statistics
This section provides statistics of the checked indicators and contains the following items:
The table contains the following columns with data:
The table also gives a total for each column.
This donut chart is displayed when the Checked button is selected. Hover your mouse over a slice of the ring: the indicator type, number of indicators, and percentage of total will appear.
This donut chart is displayed when the Detected button is selected. Hover your mouse over a slice of the ring: the indicator type, number of indicators, and percentage of total will appear.
Indicator statistics
Suppliers intersections table
This section shows the percentage of overlap between the suppliers used in Kaspersky CyberTrace. The table consists of rows and columns with suppliers. The intersection shows what percentage of indicators from suppliers in rows are present in suppliers in columns. If you choose to display statistics for a specific tenant, the table will show the overlap between suppliers used in this tenant.
The section does not display the FalsePositive and InternalTI indicator suppliers, and the suppliers that do not contain indicators.
Suppliers intersections
Clicking the Fullscreen mode button hides this section.
Viewing data for different tenants
In the drop-down list with all available tenants in the upper-left area of the window, you can select either a tenant for which to display statistics or the General tenant to display the overall statistics.
Downloading statistics reports
You can download a detection statistics report by using the Dashboard tab. The report is an HTML file. If a particular settings tenant <tenant> is selected, the file name is CyberTrace_Statistics_<tenant>_<interval>_<date>.html.
To download a report:
Select the Download statistics link.
Note that the data displayed in the report is based on the data that is displayed on the Dashboard tab. If a particular settings tenant is selected, the settings tenant name is written in the report.
The generated file contains the following:
This graph is displayed in the report when the Number of detections button is selected on the Dashboard tab.
This graph is displayed in the report when the Number of detected indicators button is selected on the Dashboard tab.
This donut chart is displayed in the report when the Detected button is selected on the Dashboard tab.
This donut chart is displayed in the report when the False positives button is selected on the Dashboard tab.
This donut chart is displayed in the report when the Checked button is selected on the Dashboard tab.
This donut chart is displayed in the report when the Detected button is selected on the Dashboard tab.