Grouping alerts by attributes

To enable the functionality of alert aggregation, you have to activate Administration Server under a Kaspersky Next XDR Optimum license, and then deploy the Kaspersky Next XDR Optimum license key to your managed applications. If you are using the Kaspersky Next EDR Optimum license, you do not have to activate the applications installed on your managed devices under the Kaspersky Next XDR Optimum license. You must do it only for new devices, if any.
Because the Kaspersky Next XDR Optimum license supports multitenancy, you can centrally distribute the license key to managed applications. Automatic distribution of the license to secondary and virtual Administration Servers is not supported.

Aggregation groups alerts that may belong to the same incident, which makes the investigation process easier. You can aggregate alerts by device name, account, or hash name (SHA256).

Alerts are aggregated by an attribute only if that attribute is not empty.

Alerts are aggregated together if they share at least one attribute and occur within 24 hours of any other alert in the group.

To aggregate alerts by attributes:

  1. In the main menu, go to Monitoring & reporting → Alerts.
  2. Do one of the following:
    • Enable the Alerts aggregation toggle switch, then select one or more attributes to aggregate alerts by:
      • Device name
      • Account
      • Hash name (SHA256)

      The Device name and Account attributes are selected by default.

    • Click the settings icon. In the Columns settings pane that opens, go to the Grouping tab. Select Aggregation group ID and click Save.

    When aggregation is enabled, alerts are sorted by Event time from newest to oldest. Additional sorting options are not supported. Selecting a different grouping option will disable aggregation.

The table displays alerts aggregated by attributes, with unaggregated alerts listed at the bottom.

Each alert is assigned to only one group after aggregation.
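The grouping rules above (non-empty attributes only, at least one shared attribute, a 24-hour window measured against any other member of the group, and each alert in exactly one group) together with the resulting table layout (aggregated groups first, unaggregated alerts at the bottom, newest first) can be reproduced with a small union-find pass over a list of alerts. The following Python is an added illustration written for this page, not Kaspersky's implementation; the field names (`id`, `event_time`, `device_name`, `account`, `sha256`), the sample alerts and the SHA256 value are constructed, and the reading of "any other alert in the group" as allowing chains (A joins B, C joins B, so A and C end up together even if they are more than 24 hours apart) is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from itertools import combinations

# The three attributes the page lists; the dict keys are assumed field names.
ATTRIBUTES = ("device_name", "account", "sha256")
WINDOW = timedelta(hours=24)

# Constructed sample alerts (not real telemetry). A1..A3 chain into one group:
# A1/A2 share a device name 12 h apart, A2/A3 share a SHA256 20 h apart.
# A4 shares a device name with A1/A2 but is more than 24 h after both and has
# no non-empty attribute in common with A3. A5 carries only empty attributes,
# which never match anything.
SAMPLE_SHA256 = "ab" * 32  # constructed placeholder, not a real file hash
SAMPLE_ALERTS = [
    {"id": "A1", "event_time": "2024-05-01T08:00:00",
     "device_name": "ws-101", "account": "CORP\\jdoe", "sha256": ""},
    {"id": "A2", "event_time": "2024-05-01T20:00:00",
     "device_name": "ws-101", "account": "", "sha256": SAMPLE_SHA256},
    {"id": "A3", "event_time": "2024-05-02T16:00:00",
     "device_name": "", "account": "", "sha256": SAMPLE_SHA256},
    {"id": "A4", "event_time": "2024-05-03T10:00:00",
     "device_name": "ws-101", "account": "", "sha256": ""},
    {"id": "A5", "event_time": "2024-05-03T12:00:00",
     "device_name": "", "account": "", "sha256": ""},
]


def _event_time(alert):
    return datetime.fromisoformat(alert["event_time"])


def _shares_attribute(a, b, attributes):
    # An empty attribute never matches, even another empty one.
    return any(a.get(k) and a.get(k) == b.get(k) for k in attributes)


def _within_window(a, b, window):
    return abs(_event_time(a) - _event_time(b)) <= window


def aggregate_alerts(alerts, attributes=ATTRIBUTES, window=WINDOW):
    """Return (groups, unaggregated), both ordered newest first.

    groups is a list of alert lists with two or more members; unaggregated is a
    flat list of alerts that matched nothing. Union-find guarantees that every
    alert lands in exactly one group.
    """
    parent = {a["id"]: a["id"] for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    def union(x, y):
        rx, ry = find(x), find(y)
        if rx != ry:
            parent[ry] = rx

    # Link every pair that shares a non-empty attribute inside the window.
    for a, b in combinations(alerts, 2):
        if _within_window(a, b, window) and _shares_attribute(a, b, attributes):
            union(a["id"], b["id"])

    members = defaultdict(list)
    for a in alerts:
        members[find(a["id"])].append(a)

    groups, singles = [], []
    for g in members.values():
        g.sort(key=_event_time, reverse=True)
        (groups if len(g) > 1 else singles).append(g)
    groups.sort(key=lambda g: _event_time(g[0]), reverse=True)
    unaggregated = sorted((g[0] for g in singles), key=_event_time, reverse=True)
    return groups, unaggregated


def render_table(alerts):
    """Rows as (aggregation group id, alert id); unaggregated rows come last."""
    rows = []
    groups, unaggregated = aggregate_alerts(alerts)
    for n, g in enumerate(groups, start=1):
        rows.extend((f"G{n}", a["id"]) for a in g)
    rows.extend(("", a["id"]) for a in unaggregated)
    return rows


if __name__ == "__main__":
    for group_id, alert_id in render_table(SAMPLE_ALERTS):
        print(f"{group_id or '-':>3}  {alert_id}")
```

The pairwise loop is quadratic in the number of alerts, which is fine for a worked example but not for a live alert feed; a real implementation would index alerts by attribute value and only compare candidates that share a key. The chaining behaviour is the point worth noticing when tuning: A1 and A3 sit 32 hours apart and share no attribute, yet they land in the same group because A2 links them.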
