Configuring the Similar Anomaly service

Kaspersky MLAD uses the Similar Anomaly service to identify similar incidents and combine them into groups. In groups, you can view similar incidents that were registered at different times.

System administrators can configure the Similar Anomaly service.

To configure the Similar Anomaly service:

1. In the lower-left corner of the page, click the  button.

   You will be taken to the administrator menu.

2. Select System parameters → Similar Anomaly.

   A list of service settings appears on the right.

3. In the Minimum number of incidents in group field, enter the minimum number of similar incidents for forming a group.
4. In the Maximum number of incidents in group field, enter the maximum number of incidents that can be put into one group.

   The larger the specified value, the more incidents the application can assign to one group.

5. In the Maximum distance between similar incidents field, enter the maximum distance that similar incidents can lag behind each other.

   You can specify a value in the range of 0 to 1.

6. Click the Save button.

Page top