To analyze the performance of System Integrity Monitoring rules, you can look at reports and events generated by the application. Kaspersky Embedded Systems Security generates the following reports regarding the component:
- In the application interface:
  - The Baseline update report.
  The reports contain System Integrity Monitoring events.
- In the Kaspersky Security Center Console:
  - Report on computers on which monitoring rules were triggered the greatest number of times
  - Report on most frequently triggered monitoring rules
To generate a Report on most frequently triggered monitoring rules, the application logs the following events:
- File or folder change was detected
- Statistics only: prohibited file operation in controlled area
- Allowed file operation in a controlled area performed by a trusted user
- Uncontrolled file operation in controlled area
To configure the storage duration of these events, in the Event configuration section of the policy, specify the duration for the general System Integrity Monitoring event: File or folder change was detected.
By default, a report is created for the previous 30 days, including the date when the report is created.
1. Open the Kaspersky Security Center Administration Console.
2. In the Administration Server node of the Administration Console tree, select the Reports tab.
3. Click New report template.
   The New Report Template Wizard starts.
4. Follow the instructions of the Report Template Wizard. At the Selecting the report template type step, select a System Integrity Monitoring report (in the Other section):
   - Top 10 devices with File Integrity Monitor / System Integrity Monitoring rules most frequently triggered.
   - Top 10 rules of File Integrity Monitor / System Integrity Monitoring that were triggered on devices most frequently.
   After you have finished with the New Report Template Wizard, the new report template appears in the table on the Reports tab.
5. Open the report by double-clicking it.
   The report generation process starts. The report is displayed in a new window.