Kaspersky Next provides you with two reports related to the Adaptive Anomaly Control feature: Adaptive Anomaly Control rules state and Adaptive Anomaly Control detections.
Adaptive Anomaly Control rules state report
This report displays states of Adaptive Anomaly Control rules. This report is displayed on the Reports tab only if you activated Kaspersky Next under a Kaspersky Next EDR Optimum or XDR Expert license.
In the summary part, the report shows the distribution of Adaptive Anomaly Control rules by their state.
A table with detailed information includes the following columns:
Device on which a rule has a certain state. If a rule is in the "Smart" mode, its state on different devices may vary: on some devices, the training may be finished; while on others, it may still be in progress.
Name of the Adaptive Anomaly Control rule.
State of the Adaptive Anomaly Control rule.
The value depends on the rule state:
100%*(period from the latest unprocessed detection to now):(rule training duration)
The value depends on the rule state:
Adaptive Anomaly Control detections report
This report displays detections of Adaptive Anomaly Control. This report is displayed on the Reports tab only if you activated Kaspersky Next under a Kaspersky Next EDR Optimum or XDR Expert license. This report includes the following columns:
Device on which the detection occurred.
Owner of the device on which the detection occurred.
Name of the Adaptive Anomaly Control rule that made the detection.
Mode of the Adaptive Anomaly Control rule: Notify, Block, or Smart.
The object that performed the detected actions (for example, a file that the user opened).
The object on which the detected actions were performed (for example, a browser that uses a library that is loaded into the computer memory as a result of opening the file).