Scenario: Monitoring and reporting

This section provides a scenario for configuring the monitoring and reporting feature in Kaspersky Security Center.

Prerequisites

After you deploy Kaspersky Security Center in an organization's network, you can start to monitor it and generate reports on its functioning.

Stages

Monitoring and reporting in an organization's network proceeds in stages:

  1. Configuring the switching of device statuses

    Get acquainted with the settings that define the assignment of device statuses depending on specific conditions. By changing these settings, you can change the number of events with Critical or Warning importance levels.

    When configuring the switching of device statuses, be sure that the new settings do not conflict with the information security policies of your organization and that you are able to react to important security events in your organization's network in a timely manner.

  2. Configuring notifications about events on client devices

    Configure notifications (by email, by SMS, or by running an executable file) about events on client devices in accordance with your organization's needs.

  3. Changing the response of your security network to the Virus outbreak event

    To adjust the network's response to new events, you can change the specific thresholds in the Administration Server properties. You can also create a stricter policy that will be activated, or create a task that will be run at the occurrence of this event.

  4. Managing statistics

    Configure the display of statistics in accordance with your organization's needs.

  5. Reviewing the security status of your organization's network

    To review the security status of your organization's network, you can do any of the following:

  6. Locating client devices that are not protected

    To locate client devices that are not protected, go to the workspace of the Administration Server node, on the Statistics tab open the Protection status second-level tab (page), and review the History of discovery of new networked devices information panel. You can also generate and review the Report on protection deployment.

  7. Checking protection of client devices

    To check protection of client devices, go to the workspace of the Administration Server node, on the Statistics tab open the Deployment or Threat statistics second-level tab (page), and review the relevant information panels. You can also start and review the Critical events event selection.

  8. Evaluating and limiting the event load on the database

    Information about events that occur during operation of managed applications is transferred from a client device and registered in the Administration Server database. To reduce the load on the Administration Server, evaluate and limit the maximum number of events that can be stored in the database.

    To evaluate the event load on the database, calculate the database space. You can also limit the maximum number of events to avoid database overflow.

  9. Reviewing license information

    To review license information, go to the workspace of the Administration Server node, on the Statistics tab open the Deployment second-level tab (page), and review the License key usage information panel. You can also generate and review the Report on usage of license keys.

Results

Upon completion of the scenario, you are informed about protection of your organization's network and, thus, can plan actions for further protection.
