Viewing a report on the most frequently triggered System Integrity Monitoring rules
Report on the most frequently triggered System Integrity Monitoring rules in the Administration Console
To view the report on the most frequently triggered System Integrity Monitoring rules in the Administration Console:
- Open Kaspersky Security Center Administration Console.
- In the workspace of the Administration Server <Server name> node, go to the Reports tab.
- Click the New report template button to start the New Report Template Wizard.
- Follow the wizard instructions.
- In the Selecting the report template type window, in the Other section, select the Top 10 File Operations Monitoring/System Integrity Monitoring rules triggered on the devices type.
- After creating a report template, select it in the list of templates on the Reports tab.
The report will be displayed in the workspace.
The Period field shows the reporting period covered by the report. By default, the report is generated for the last 30 days, which includes the report generation date.
The report consists of two tables:
- The summary table contains information about the System Integrity Monitoring rules that were most frequently triggered on devices during the reporting period.
- The detailed table contains information on each instance of a triggered rule.
You can customize the display of the columns for each table. For details on how to add or remove columns in the report tables, please refer to the Kaspersky Security Center help.
The summary table contains the following information:
The detailed table contains the following information:
- Virtual Server – the name of the virtual Administration Server (if available) that manages the protected virtual machine.
- Group name – the name of the group that includes the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- IP address – IP address of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- Last visible – date and time when the protected virtual machine on which the System Integrity Monitoring rule was triggered was last observed on the network by the Administration Server.
- Last connected to Network Agent – date and time when Network Agent was last synchronized with the Administration Server.
- Device name – name of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- NetBIOS name – name of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- Domain name – name of the domain that includes the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- DNS name – DNS name of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- Domain DNS name – DNS name of the domain that includes the protected virtual machine on which the System Integrity Monitoring rule was triggered.
- Importance – importance level of the System Integrity Monitoring event. Possible values: Informational message, Important message, Critical message.
- Event time – date and time when the event occurred.
- Name of the triggered rule – name of the System Integrity Monitoring rule that was triggered.
- Object path – path to the monitored object whose modification was detected by the System Integrity Monitoring component. Depending on the type of control object, the following information is displayed in the column:
  - Path to the file or folder, if the System Integrity Monitoring component detected a change to a file or folder.
  - Registry key, if the System Integrity Monitoring component detected a change in the registry.
  - External device, if the System Integrity Monitoring component detected the connection of an external device.
- Action – action taken on the monitored object. Possible values: Create, Modify, Delete, Connect.
- Object type – type of the monitored object whose modification was detected by the System Integrity Monitoring component. Possible values: File or folder, Registry key, External device.
- System Integrity Monitoring component was disabled – information about whether the System Integrity Monitoring component was disabled when the event occurred. For Kaspersky Security, this field always shows No.
- User – user account of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
Report on the most frequently triggered System Integrity Monitoring rules in the Web Console
To create a template of a report on the most frequently triggered System Integrity Monitoring rules in the Web Console:
- Start the Web Console.
- In the Monitoring and Reports section, select Reports.
- Click the Add button above the list of report templates.
- In the window that opens, in the Report name field, specify the name of the created report template, and in the Report type section, in the Other subsection, select the Top 10 File Operations Monitoring / System Integrity Monitoring rules most frequently triggered on devices type.
- In the Scope window, specify the devices about which information is to be displayed in the report.
- In the Report period window, specify the time interval for which data is to be displayed in the report.
- In the Report created window, do one of the following:
  - Click the Save and run button to start generating the report.
  - Click the Save button to save the report template.
The created report template will be displayed in the workspace.
To view the report on the most frequently triggered System Integrity Monitoring rules in the Web Console:
- Start the Web Console.
- In the Monitoring and Reports section, select Reports.
A list of report templates opens.
- Select the check box next to the name of the report template of the Top 10 File Operations Monitoring / System Integrity Monitoring rules most frequently triggered on devices type.
- Click the View report button.
The report window opens.
The report has two tabs:
- The Summary tab contains information about the System Integrity Monitoring rules that were most frequently triggered on the devices during the reporting period:
  - Name of the System Integrity Monitoring triggered rule.
  - Number of times System Integrity Monitoring rules were triggered on the protected virtual machines.
  - Number of protected virtual machines on which the System Integrity Monitoring rule was triggered.
- The Details tab contains information about each rule triggering event.
You can customize the displayed columns in tables on the report tabs. For details on how to add or remove columns in the report tables, please refer to the Kaspersky Security Center help.