Viewing general information about triggers for network anomaly detection rules

You can view an overview of how network anomaly detection rules are triggered when viewing the rule table. The table displays information about the most recent rule runs.

Users with the Senior security officer and Security auditor roles can view general information about anomaly detection rule runs.

You can view general information about rule runs under Rule runs in the details area. General information about running network anomaly detection rules includes the following:

• Date and time when the rule was last started.
• Date and time of the next rule run.
• Status of last rule run.

  The following statuses are possible:

  • Never run: a new rule has been created and no run has been created for this rule.
  • New: a new run of the rule was created and an analysis of protocol attributes based on this rule has not yet been performed.
  • Awaiting data: Kaspersky Anti Targeted Attack Platform is waiting for traffic data to arrive in the database used to store protocol attributes (all data has not yet arrived by the end of the defined time interval for searching for network anomalies).
  • Waiting: the rule is in the run queue.
  • No data: there is no traffic data in the time interval for searching for network anomalies based on the rule.
  • In progress: the rule is running.
  • Canceled: the rule has been stopped.
  • Completed: the rule has been successfully completed.
  • Error: an error occurred while running the rule.
  • Partially successful: the rule was run with a partially successful result: traffic data was not received in full for the specified time interval.
• The number of times the rule runs.
• The duration of SQL query execution when the rule was last run.
• The time interval to search for network anomalies when the rule was last run.
• The number of events logged when the rule was last run.

Page top