Managing NDR reports

You can use Kaspersky Anti Targeted Attack Platform to get reports with various information saved by the application. Kaspersky Anti Targeted Attack Platform generates reports as PDF files. The application can send report files to email addresses.

You can view information about generated reports and export them to files in the Reports section, Reports (NDR) subsection, Generated reports tab.

The following types of NDR report templates are possible:

System templates, created automatically during application installation. In the table of report templates, system templates are displayed with the icon. You cannot delete system templates.
Kaspersky Anti Targeted Attack Platform supports the following system report templates:
- Inventory report.
  Contains information about devices and system commands, as well as protocols used and detected risks on devices.
- System security report.
  Contains information about the security status of devices, registered events, detected risks, and interactions with devices on external networks.
- Executive summary.
  Contains brief information about devices and the security status of the system.
- Full report.
  Contains complete information about devices and the security status of the system.
Custom templates, created manually by duplicating templates. You can duplicate system or custom templates. Only users with the Senior security officer role can duplicate report templates.

Information in reports is presented as separate information blocks. Each Kaspersky Anti Targeted Attack Platform report includes a fixed set of information blocks, which are arranged in a fixed order. Information blocks used in reports and their descriptions are listed in the table below.

Using information blocks in reports

Name of the information block	Inventory report	System security report	Executive summary	Full report
Device categories How many devices are in which categories
Device vendors Most frequently specified device vendors
Device operating systems How many devices use certain operating systems
Devices with the greatest number of risks. Devices with the greatest number of risks, taking into account the risk severity levels
Situational awareness Notifications about detected system security threats in order of importance
New devices in the network Number of new devices detected by Kaspersky Anti Targeted Attack Platform
Protocols with the most traffic Most frequently used protocols by traffic volume
Devices with the most connections to other nodes Devices with the most connections to other devices, taking into account the traffic volume of the connections
Network traffic volume Amount of network traffic during the given period.
Common protocols Discovered common protocols with the greatest traffic volume
Device security status How many devices are in which security state
Distribution of devices by status How many devices have which statuses
Statistics on events How many events have which severity level
Distribution of events by detection technologies How many events were logged by which technology
Devices with the most events Devices most frequently occurring in events
Most critical events Events with the highest severity scores
Most frequently triggered malicious activity detection rules Malicious activity detection rules that were triggered most frequently on the devices
Devices with signs of access to public resources Devices with the most interactions with devices on subnets of the Public type
Connections via remote control protocols Devices with the most interactions over protocols used by remote control software
Active risks How many risks have which severity level