System monitoring in online mode
Kaspersky Industrial CyberSecurity for Networks displays data for monitoring the current state of the system in the Dashboard section of the application web interface. Data is automatically updated in online mode.
Data in the Dashboard section is presented as individual blocks called widgets. Depending on its purpose, a widget may contain an updatable value or message about the current state of the application, or provide expanded information about up-to-date data.
The Dashboard section may display the following widgets:
- Widgets containing information for monitoring the current state of the system and the most significant changes:
- Devices and security states – distribution of devices by their security state.
- Event scores – histogram that arranges events based on their scores for the selected period. Columns of the histogram correspond to integer values of event scores. You can change how data is displayed on the pie chart that arranges events by their severity level. Depending on the numerical value of its score, an event may have a severity of Low (score of 0.0–3.9), Medium (4.0–7.9) or High (8.0–10.0).
- Events by technology – shows the quantitative distribution of events based on the various event registration technologies for the selected period.
- Frequently encountered users of applications in events – shows the most frequently registered user names in events based on data from EPP applications for the selected period.
- Frequently encountered users of applications in events – shows the most frequently registered user names in events based on data from EPP applications for the selected period.
- Frequently encountered devices in events – shows the most frequently registered devices in events for the selected period.
- Top devices by risk count – shows the most frequently registered devices in detected risks for the selected period.
- Risk scores – histogram that arranges risks based on their scores for the selected period. Columns of the histogram correspond to integer values of event scores. You can change how data is displayed on the pie chart that arranges risks by their severity level. Depending on the numerical value of its score, a risk may have a severity of Low (score of 0.0–3.9), Medium (4.0–7.9) or High (8.0–10.0).
- Situational awareness – shows notifications about currently identified threats to system security (for example, Detected 10 unauthorized network interactions). This widget displays notifications in the order of their severity.
- Protection by EPP applications – quantitative ratio of computers protected by EPP applications to computers not protected by EPP applications. The center of the pie chart displays the total number of protected and unprotected computers.
A computer is considered to be protected by an EPP application if Kaspersky Industrial CyberSecurity for Networks has information regarding fulfillment of the following conditions:
- An EPP application is installed on the computer.
- The Real-Time Protection task is being performed for the EPP application.
- The EPP application has an Active connection to the integration server.
A computer is considered to be unprotected by an EPP application if at least one of the listed conditions is not fulfilled. The EPP application protection check is performed for all devices in Kaspersky Industrial CyberSecurity for Networks containing the name of a Windows operating system (any version) as the installed operating system, or if devices belong to one of the following categories:
- Server
- Workstation
- Devices – contains information about devices in the industrial network (arranged by device category).
- Events – contains information about the events and incidents that have the most recent values for the date and time of last occurrence.
- Widgets containing information about the application and about the hardware resources of the Server and sensors:
- Traffic – rate of incoming traffic. This widget can display data on all monitoring points of all nodes that have application components installed, data on monitoring points of the selected node, or data on one individual monitoring point.
- Processor – processor utilization on the selected node that has an application component installed.
- RAM – amount of physical RAM being used on the selected node that has an application component installed.
- Performance – information about the current state of application performance. This widget can display the following values:
- OK – there are no messages regarding performance issues, or all performance issues have been resolved.
- Non-critical malfunction – there are messages regarding non-critical malfunctions (this is displayed until the performance issue is resolved).
- Operation disrupted – there are messages regarding application performance issues (this is displayed until the performance issue is resolved).
- Maintenance mode – the application is running in maintenance mode.
- Tags – rate of processing of tags detected by the application. This widget can display data on all monitoring points of all nodes that have application components installed, data on monitoring points of the selected node, or data on one individual monitoring point.
- Storage – information about the drive in the local file system on the selected node with the application component installed. On this widget, you can select the following data to be displayed:
- Disk usage – percentage of time taken to process data read/write operations.
- Occupied on disk – volume of used disk space.
- Read from disk – rate of reading data from the disk.
- Write to disk – rate of writing data to the disk.
- Traffic processing latency – current delay in traffic processing from the time it arrives at a monitoring point of the node (displays the maximum delay time received from all enabled monitoring points). This widget can display data on all monitoring points of all nodes that have application components installed, or data on monitoring points of the selected node.
- Status of functions – general information about the current state of protection functions in the application. This widget can display the following values:
- All are enabled – all technologies and methods designed for continual use are enabled, and all created monitoring points are enabled.
- Not all are enabled – some protection functions are disabled or are enabled in learning mode, or not all monitoring points are enabled.
- Uptime – operating time of Kaspersky Industrial CyberSecurity for Networks. On this widget, you can select the following data to be displayed:
- Effective uptime – duration of normal operation of the application (without malfunctions) since the most recent startup until the current moment.
- Total uptime – operating time since the first startup of the application until the current time (includes periods of normal operation and periods when the application was running with malfunctions).
- Since first start of application – total time that has elapsed since the first startup of the application until the current time (includes periods of normal operation, periods when the application was running with malfunctions, and periods when the application was not operational).
- Widgets without dynamically updated information. You can create widgets with user-defined contents. These widgets are called custom widgets. For example, you can use custom widgets to logically separate groups of widgets in the Dashboard section.
Widgets provide various ways to get your attention depending on incoming data. For example, widgets containing information about the application and hardware resources can automatically change color if the information requires attention (for instance, when the load on a hardware resource is nearing critical load).
Widgets display only the main information, which is dynamically updated. If you need to view more detailed information (for example, about devices with issues), you can proceed from the Dashboard section to other sections of the application web interface. You can switch between sections by using your mouse to select interface elements of widgets.
