The table of network anomaly detection rules is displayed in the Intrusion detection section of the Network Anomaly Detection tab.
Users with the Senior security officer and Security auditor roles can view the table of network anomaly detection rules.
On the Network Anomaly Detection tab, the Delay of traffic receipt counter is displayed below the toolbar. The counter shows the dynamically changing lag with which incoming traffic data reaches the database used to store protocol attributes. If the application detects a critical lag, the green icon next to the counter is no longer displayed. Rules that run automatically during this period may produce incorrect results, because the protocol attributes for the lagging time range have not yet reached the database. Until the counter returns to its normal state, it is recommended to run the rules manually, taking into account the range of protocol attributes that is actually available for analysis.
Rule settings are displayed in the following columns of the table:
Rule ID assigned in Kaspersky Anti Targeted Attack Platform.
Rule name specified by the user.
Current status of the rule (Enabled or Disabled).
Rule creation date and time.
Date and time when the rule was last modified.
The name of the template associated with the rule. If the rule is not associated with a built-in template, the User-defined template is specified for the rule.
The duration of the time interval for searching for network anomalies among the protocol attributes.
Rule description.
Information about the schedule according to which the application automatically starts the rule.
Date and time when the rule was last started.
Resulting status of the rule when it was last run.
Number of events registered when the rule was run.
Header of the event that is logged when the rule is triggered.
Score of the event that is logged when the rule is triggered. Events are scored on a scale from 0.0 to 10.0.
Description of the event that is logged when the rule is triggered.
When viewing the Network Anomaly Detection rules table, you can use the configuration, filter, and sorting functions.