Viewing information about Root-Cause Analysis detections
March 5, 2024
ID 212607
You can view information about Root-Cause Analysis detections in a widget and a table. The widget shows up to 10 detections and the table shows up to 1000 detections.
Root-Cause Analysis widget
To view the Root-Cause Analysis widget:
- Open Kaspersky Endpoint Security Cloud Management Console.
- In the Information panel section, click the Monitoring tab.
- If Root-Cause Analysis is disabled, start using the feature.
The widget displays the requested information.
From the displayed widget, you can proceed to the following:
- Properties of the device on which a detection occurred.
- Threat development chain graph, to perform root-cause analysis of the attack.
- Table with the Root-Cause Analysis detections.
Root-Cause Analysis table
To view the table with the Root-Cause Analysis detections:
- Open Kaspersky Endpoint Security Cloud Management Console.
- Open the Root-Cause Analysis detections window in any of the following ways:
  - In the Information panel section, click the Monitoring tab, and then click the Go to the list of detections link in the Root-Cause Analysis widget.
  - Select the Security management → Root-Cause Analysis section.
- If Root-Cause Analysis is disabled, start using the feature.
The table displays the requested information.
- Filter the displayed records by selecting the required values in the drop-down lists:
  - Detected on
    The period over which detections have occurred.
  - Status
    Whether the detected objects have been treated or untreated (deleted).
From the displayed table, you can proceed to the following:
- Properties of the device on which a detection occurred.
- Settings of the security profile that is assigned to the user who owns an affected device.
- Threat development chain graph, to perform root-cause analysis of the attack.
Also, you can export information about all of the current detections to a CSV file.