Support

Support for business applications

Kaspersky Industrial CyberSecurity for Networks

Performing common tasks

Working with the network interactions map

Viewing events associated with nodes of known devices

Kaspersky Industrial CyberSecurity for Networks
Нет результатов
Online Help
FAQ Download Forum Contact support Recovery tools Product videos

Viewing events associated with nodes of known devices

March 22, 2024

ID 181438

Get as PDF

For the nodes corresponding to the known devices on the network interactions map, you can view the events associated with these devices. When events are loaded, they are automatically filtered based on the IDs of devices using the values of the MAC- and IP addresses specified for the devices.

The capability to load events is available if no more than 200 nodes are selected on the network interactions map. You can select the relevant nodes individually or as part of collapsed groups that include the relevant devices. When a collapsed group is selected, all devices in the child groups of any nesting level are also included in the device selection.

To view events associated with devices:

  1. On the network interactions map, select one or multiple objects corresponding to the nodes of known devices and/or collapsed groups.

    To select multiple nodes and/or groups, do one of the following:

    • Hold down the SHIFT key and use your mouse to select a rectangular area containing the relevant objects.
    • Hold down the CTRL key and use your mouse to select the relevant objects.

    The details area appears in the right part of the web interface window. The details area shows the total number of selected nodes and groups while also showing the quantitative distribution of selected objects by type.

  2. If the selected objects belong to different types or categories of devices, you can exclude certain types of objects (for example, nodes of devices that are unknown to the application) or categories (for example, PLC). To do so, clear the check box next to the name of the category or type.
  3. Depending on which events you want to load, click one of the following buttons (the buttons are unavailable if the total number of devices in the selection exceeds 200):
    • Show events – if you want to view events with any status.
    • Show unprocessed events – if you want to view events with the New or In progress status.

The Events section opens. The events table applies the filter based on the IDs of devices corresponding to the selected nodes on the network interactions map (the Device IDs field appears on the toolbar). If you loaded events by using the Show unprocessed events button, events are additionally filtered by the Status column.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.