Kaspersky Unified Monitoring and Analysis Platform
Monitoring policies
Policies for monitoring the sources of events are displayed in the table under Sources status → Monitoring policies. You can sort the table by clicking the column header of the relevant setting. Clicking on a policy opens an information pane containing its settings that can be edited.
The following columns are available:
- Name—name of the monitoring policy.
- Lower limit—lower boundary of the permissible number of incoming events as indicated in the monitoring policy.
- Upper limit—upper boundary of the permissible number of incoming events as indicated in the monitoring policy.
- Interval—period taken into account by the monitoring policy.
- Type—type of monitoring policy:
  - byCount—the monitoring policy tracks the number of incoming events.
  - byEPS—the monitoring policy tracks the rate of incoming events.
- Tenant—the tenant that owns the monitoring policy.
To add a monitoring policy:
- In the KUMA web interface, under Sources status → Monitoring policies, click Add policy and define the settings in the opened window:
  - In the Policy name field, enter a unique name for the policy you are creating. The name must contain from 1 to 128 Unicode characters.
  - In the Tenant drop-down list, select the tenant that will own the policy. Your tenant selection determines the specific sources of events that can be covered by the monitoring policy.
  - In the Policy type drop-down list, select the method used to track incoming events: by rate or by number.
  - In the Lower limit and Upper limit fields, define the boundaries representing normal behavior. Deviations outside of these boundaries will trigger the monitoring policy, create an alert, and forward notifications.
  - In the Counting period field, specify the period during which the monitoring policy must take into account the data from the monitoring source. The maximum value is 14 days.
  - If necessary, use the Email address button to specify the email addresses that should receive notifications when the KUMA monitoring policy is triggered.
    To forward notifications, you must configure a connection to the SMTP server.
- Click Add.
The monitoring policy will be added.
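To sanity-check limits before entering them, the following added example (not KUMA code and not from this page) models a policy with the settings described above and evaluates it over constructed event timestamps. The `Policy` class, the `evaluate` function, the use of back-to-back counting periods, the EPS formula, and the `0 <= lower <= upper` check are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

MAX_PERIOD = timedelta(days=14)  # maximum counting period stated on this page


@dataclass(frozen=True)
class Policy:  # hypothetical model of the settings in the Add policy window
    name: str
    kind: str  # "byCount" or "byEPS"
    lower: float
    upper: float
    period: timedelta

    def __post_init__(self):
        if not 1 <= len(self.name) <= 128:
            raise ValueError("policy name must contain 1 to 128 characters")
        if self.kind not in ("byCount", "byEPS"):
            raise ValueError("type must be byCount or byEPS")
        if not timedelta(0) < self.period <= MAX_PERIOD:
            raise ValueError("counting period must be positive and at most 14 days")
        if not 0 <= self.lower <= self.upper:  # assumption, not stated on the page
            raise ValueError("limits must satisfy 0 <= lower <= upper")


def evaluate(policy, timestamps, start, end):
    """Return (period_start, value, verdict) for each full counting period in [start, end)."""
    results = []
    while start + policy.period <= end:
        stop = start + policy.period
        count = sum(1 for t in timestamps if start <= t < stop)
        # Assumption: EPS is the period's event count divided by its length in seconds.
        value = count if policy.kind == "byCount" else count / policy.period.total_seconds()
        if value < policy.lower:
            verdict = "below"   # source silent or dropping events
        elif value > policy.upper:
            verdict = "above"   # flood or misconfigured source
        else:
            verdict = "ok"
        results.append((start, value, verdict))
        start = stop
    return results


# Constructed sample: one event per second, then a silent minute, then a burst.
T0 = datetime(2022, 9, 2, 12, 0, 0)
SAMPLE = ([T0 + timedelta(seconds=s) for s in range(60)]                        # minute 0: 60 events
          + [T0 + timedelta(minutes=2, seconds=s / 10) for s in range(600)])    # minute 2: 600 events
```

A "below" verdict is the case worth testing most carefully, because a lower limit of 0 never fires when a source goes silent.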
To remove a monitoring policy:
Select the relevant policy, click Delete policy and confirm this action.
You cannot remove preinstalled monitoring policies or policies that have been assigned to data sources.
Article ID: 221775, Last review: Sep 2, 2022