Viewing a report on the virtual machines on which System Integrity Monitoring rules were triggered the maximum number of times

January 10, 2024

ID 160051

Report on the virtual machines on which System Integrity Monitoring rules were triggered the maximum number of times in the Administration Console

To view the report on the virtual machines on which the System Integrity Monitoring rules were triggered the maximum number of times in the Administration Console:

  1. Open Kaspersky Security Center Administration Console.
  2. In the workspace of the Administration Server <Server name> node, go to the Reports tab.
  3. Click the New report template button to start the New Report Template Wizard.
  4. Follow the wizard instructions.
  5. In the Selecting the report template type window, in the Other section, select the Top 10 devices with the most frequently triggered File Operations Monitoring/System Integrity Monitoring rules type.
  6. After creating a report template, select it in the list of templates on the Reports tab.

The report will be displayed in the workspace.

The Period field shows the reporting period covered by the report. By default, the report is generated for the last 30 days, which includes the report generation date.

The report consists of two tables:

  • The summary table contains information on the protected virtual machines on which System Integrity Monitoring rules were triggered the maximum number of times.
  • The detailed table contains information on each instance of a triggered rule.

You can customize the display of columns for each table. For details on how to add or remove columns in the report tables, please refer to the Kaspersky Security Center help.

The summary table contains the following information:

  • Device name – name of the protected virtual machine on which System Integrity Monitoring rules were triggered.
  • Number of events – number of times System Integrity Monitoring rules were triggered on the protected virtual machine.
  • Number of rules – number of System Integrity Monitoring rules that were triggered on the protected virtual machine.

    The row below displays the following summary information:

    • Number of devices – total number of protected virtual machines on which System Integrity Monitoring rules were triggered.
    • Number of events – total number of times System Integrity Monitoring rules were triggered on protected virtual machines.
    • Event receipt limit reached – information about whether the maximum number of events that Kaspersky Security Center can receive from System Integrity Monitoring components on client devices has been reached. The limit on the number of received events is configured in the Kaspersky Security Center registry and is 15,000 events per day by default. If the number of received events has exceeded the limit, Yes is displayed in the field.

The detailed table contains the following information:

  • Virtual Server – the name of the virtual Administration Server (if available) that manages the protected virtual machine.
  • Group name – the name of the group that includes the protected virtual machine on which the System Integrity Monitoring rule was triggered.
  • IP address – IP address of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
  • Last visible – date and time when the protected virtual machine on which the System Integrity Monitoring rule was triggered was last observed on the network by the Administration Server.
  • Last connected to Network Agent – date and time when Network Agent was last synchronized with the Administration Server.
  • Device name – name of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
  • NetBIOS name – name of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
  • Domain name – name of the domain that includes the protected virtual machine on which the System Integrity Monitoring rule was triggered.
  • DNS name – DNS name of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
  • Domain DNS name – DNS name of the domain that includes the protected virtual machine on which the System Integrity Monitoring rule was triggered.
  • Importance – importance level of the System Integrity Monitoring event. Possible values: Informational message, Important message, Critical message.
  • Event time – date and time when the event occurred.
  • Name of the triggered rule – name of the System Integrity Monitoring rule that was triggered.
  • Object path – path to the monitored object whose modification was detected by the System Integrity Monitoring component. Depending on the type of control object, the following information is displayed in the column:
    • Path to the file or folder, if the System Integrity Monitoring component detected a change to a file or folder.
    • Registry key, if the System Integrity Monitoring component detected a change in the registry.
    • External device, if the System Integrity Monitoring component detected the connection of an external device.
  • Action – action taken on the monitored object. Possible values: Create, Modify, Delete, Connect.
  • Object type – type of the monitored object whose modification was detected by the System Integrity Monitoring component. Possible values: File or folder, Registry key, External device.
  • System Integrity Monitoring component was disabled – information about whether the System Integrity Monitoring component was disabled when the event occurred. For Kaspersky Security, this field always shows No.
  • User – user account of the protected virtual machine on which the System Integrity Monitoring rule was triggered.
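The relationship between the two tables can be checked outside the console by recomputing the summary from the detail rows. The following is an added example, not Kaspersky code: it assumes the detailed table was exported as CSV with the column names listed above and a `YYYY-MM-DD HH:MM:SS` timestamp, and the function name `summarize` and the sample rows are constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime

# Default stated on this page; the effective value is set in the KSC registry.
EVENT_LIMIT_PER_DAY = 15000

# Constructed sample rows. Column names follow the detailed table on this page;
# the CSV layout and the timestamp format are assumptions.
SAMPLE = """Device name,Event time,Name of the triggered rule,Object type,Action
vm-web-01,2024-01-08 10:02:11,Hosts file,File or folder,Modify
vm-web-01,2024-01-08 10:05:40,Hosts file,File or folder,Modify
vm-web-01,2024-01-09 03:14:02,Run keys,Registry key,Create
vm-db-02,2024-01-08 11:30:00,Run keys,Registry key,Modify
vm-db-02,2024-01-09 12:00:00,USB storage,External device,Connect
vm-app-03,2024-01-10 09:00:00,Hosts file,File or folder,Delete
"""

def summarize(csv_text, top=10, limit=EVENT_LIMIT_PER_DAY):
    """Rebuild the summary table and totals row from exported detail rows."""
    events = Counter()           # Number of events per device
    rules = defaultdict(set)     # distinct rule names per device
    per_day = Counter()          # events received per calendar day
    for row in csv.DictReader(io.StringIO(csv_text)):
        device = row["Device name"].strip()
        events[device] += 1
        rules[device].add(row["Name of the triggered rule"].strip())
        stamp = datetime.strptime(row["Event time"].strip(), "%Y-%m-%d %H:%M:%S")
        per_day[stamp.date().isoformat()] += 1
    # Order by event count, then name, so ties are deterministic.
    ranked = sorted(events.items(), key=lambda kv: (-kv[1], kv[0]))[:top]
    table = [(dev, n, len(rules[dev])) for dev, n in ranked]
    totals = {
        "devices": len(events),
        "events": sum(events.values()),
        # Days at or above the daily limit, where the report would show
        # "Event receipt limit reached: Yes".
        "days_at_limit": sorted(d for d, n in per_day.items() if n >= limit),
    }
    return table, totals

if __name__ == "__main__":
    table, totals = summarize(SAMPLE)
    for device, n_events, n_rules in table:
        print(f"{device:12} events={n_events} rules={n_rules}")
    print(totals)
```
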

Report on the virtual machines on which System Integrity Monitoring rules were triggered the maximum number of times in the Web Console

To create a template of a report on virtual machines on which the System Integrity Monitoring rules were triggered the maximum number of times in the Web Console:

  1. Start the Web Console.
  2. In the Monitoring and Reports section, select Reports.
  3. Click the Add button above the list of report templates.
  4. In the window that opens, in the Report name field, specify the name of the report template being created. Then, in the Report type section, in the Other subsection, select the Top 10 devices with most frequently triggered File Operations Monitoring / System Integrity Monitoring rules type.
  5. In the Scope window, specify the devices about which information is to be displayed in the report.
  6. In the Report period window, specify the time interval for which data is to be displayed in the report.
  7. In the Report created window, do one of the following:
    • Click the Save and run button to start generating the report.
    • Click the Save button to save the report template.

The created report template will be displayed in the workspace.

To view the report on the virtual machines on which the System Integrity Monitoring rules were triggered the maximum number of times in the Web Console:

  1. Start the Web Console.
  2. In the Monitoring and Reports section, select Reports.

    A list of report templates opens.

  3. Select the check box next to the name of the report template of the Top 10 devices with most frequently triggered File Operations Monitoring / System Integrity Monitoring rules type.
  4. Click the View report button.

The report window opens.

The report has two tabs:

  • The Summary tab contains information on the protected virtual machines on which System Integrity Monitoring rules were triggered the maximum number of times:
    • Name of the protected virtual machine on which System Integrity Monitoring rules were triggered.
    • Number of times System Integrity Monitoring rules were triggered on the protected virtual machine.
    • Number of System Integrity Monitoring rules that were triggered on the protected virtual machine.
  • The Details tab contains information about each rule triggering event.

You can customize the displayed columns in tables on the report tabs. For details on how to add or remove columns in the report tables, please refer to the Kaspersky Security Center help.
