Kaspersky Industrial CyberSecurity for Networks

Table of registered events

March 22, 2024

ID 150797

You can view the table of registered events and incidents in the Events section of the application web interface.

By default, the table of registered events and incidents is updated in online mode. The events and incidents that were last seen most recently are displayed at the beginning of the table.

The date and time when an event or incident was last seen may differ from the date and time of its registration (the date and time of registration is displayed in the Start column). For an event, the date and time when it was last seen may be updated during the event regeneration period for this type of event. For an incident, the date and time when it was last seen is updated according to the date and time of the last occurrence of the events that are part of the incident.

The attributes of events and incidents are displayed in the following columns of the table:

  • Start

    For an event that is not an incident – date and time of event registration. For an incident – date and time of registration of the first event included in the incident. In the table, you can view the date together with the time, or just the date or time by itself. To choose the information to display, select the check boxes opposite the Date and/or Time settings.

  • Last seen

    For an event that is not an incident, this is the date and time when the event last occurred. It may contain the date and time of event registration, or the date and time when the event regenerate counter value increased if the conditions for event registration were repeated during the event regenerate timeout. The value of the regenerate counter is displayed in the Total appearances column. For an incident, this is the latest date and time of last occurrence of events that are part of the incident. Just like with the Start column, you can view the date together with the time, or just the date or time by itself.

  • Title

    Header defined for the event type.

  • Score

    Calculated value for the event score. The severity of the event is designated by a numerical score. Depending on the severity, the score may have one of the following colors:

    • Red designates an event with High severity.
    • Yellow designates an event with Medium severity.
    • Blue designates an event with Low severity.

  • Source

    Address of the source of network packets. You can enable or disable the display of individual address details by using the following settings (the abbreviated names shown in the table columns are given in parentheses): IP address, Port number (P), MAC address, VLAN ID (VID), Application-level address. If additional address spaces were added to the application, you can enable or disable the display of the names of address spaces by using the Show address spaces setting when configuring the devices table.

  • Destination

    Address of the destination of network packets. The display of address information can be configured the same way as the Source column.

  • Protocol

    Application layer protocol that was being monitored when the application registered the event.

  • Technology

    This icon corresponds to the technology that was used to register the event.

  • Total appearances

    For an event that is not an incident, this is the value of the regenerate counter after the event is registered within the event regenerate timeout. A value N greater than 1 means that the conditions for event registration were repeated N – 1 times. For an incident, this column displays the value 1.

  • ID

    Unique ID of the registered event or incident.

  • Application

    Information about applications or programs that were running when event registration conditions occurred. An event saves the application data received from EPP applications.

  • Program user

    Information about the user account that was used to start the application or program specified in the Application column.

  • Status

    This icon corresponds to the status of an event or incident.

  • Description

    Description specified for the event type.

  • End

    For an event that is not an incident, this is the date and time when the Resolved status was assigned, or the date and time of the event regenerate timeout. For an incident, this is the latest date and time of the end of events that are part of the incident. Just like with the Start column, you can view the date together with the time, or just the date or time by itself.

  • Triggered rule

    For an event that is not an incident, this is the name of the Process Control rule or Intrusion Detection rule whose triggering caused the registration of the event. For an incident, this is the name of the correlation rule whose triggering caused the registration of the incident.

  • Monitoring point

    Monitoring point whose traffic invoked registration of the event.

  • Event type

    Numerical code assigned to the event type.

  • Marker

    This is a selection of icons that you can set for any event or incident so that you can easily find events and incidents based on a criterion that is not in the table.

When viewing the table of events and incidents, you can use the configuration, filter, search, and sorting functions.
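
The relationship between the Start, Last seen, End and Total appearances columns described above can be modelled as follows. This Python model is an added example, not code from the product: the `key` field, the function names and the assumption that the regenerate timeout is counted from the Start time are hypothetical, and the sample detections are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Event:
    key: str             # hypothetical: identifies "the same registration conditions"
    start: datetime      # Start column: time of registration
    last_seen: datetime  # Last seen column: latest repeat inside the timeout
    end: datetime        # End column: expiry of the regenerate timeout (Resolved not modelled)
    total: int = 1       # Total appearances column: regenerate counter

def coalesce(detections, timeout):
    """Fold raw (timestamp, key) detections into event rows.

    Assumption: a repeat before start + timeout increments the counter of the
    existing event; a repeat at or after that moment registers a new event.
    """
    open_events, rows = {}, []
    for ts, key in sorted(detections):
        ev = open_events.get(key)
        if ev is not None and ts < ev.end:
            ev.last_seen = ts      # Last seen moves forward, Start does not
            ev.total += 1          # conditions repeated one more time
        else:
            ev = Event(key, ts, ts, ts + timeout)
            open_events[key] = ev
            rows.append(ev)
    return rows

def incident_row(events):
    """Roll member events up into the values shown for an incident."""
    return {
        "start": min(e.start for e in events),          # first member event
        "last_seen": max(e.last_seen for e in events),  # latest occurrence
        "end": max(e.end for e in events),              # latest end
        "total": 1,                                     # always 1 for an incident
    }

# Constructed sample: three repeats inside a 60 s timeout, one after it.
T0 = datetime(2024, 3, 22, 10, 0, 0)
SAMPLE = [
    (T0, "scan"),
    (T0 + timedelta(seconds=20), "scan"),
    (T0 + timedelta(seconds=50), "scan"),
    (T0 + timedelta(seconds=90), "scan"),  # past the timeout: separate event
    (T0 + timedelta(seconds=30), "cmd"),
]
ROWS = coalesce(SAMPLE, timedelta(seconds=60))
INCIDENT = incident_row(ROWS)
```

In this model the first "scan" row ends with Total appearances 3 and a Last seen value 50 seconds after its Start, which is why sorting or filtering on Start alone can hide activity that is still recurring.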
