Kaspersky Unified Monitoring and Analysis Platform

Viewing incidents from child nodes

December 4, 2023

ID 229682

If hierarchy mode is enabled, you can use the Incidents section to inspect the incidents that were created on child nodes and their descendants. The incidents table displays the Branch column, which can be used to filter incidents by the nodes on which they were created. By default, the incidents table displays only the incidents that were created on your node.

To select the nodes whose incidents you want to view:

  1. In the KUMA web interface, open the Incidents section.
  2. Click the header of the Branch column and, in the window that opens, click the parent-category icon.

    The right side of the window will display the details area containing the hierarchical structure of the organization. You can use the more button to expand or collapse all branches of the structure, or select all KUMA nodes.

  3. Select the relevant nodes and click Save.

The incidents table displays the incidents that were created on the nodes that you selected.

When you click an incident, a window opens with detailed information about the incident. The data is read-only. An incident from another node cannot be edited or processed.

Special considerations when viewing data on an incident created on a different node:

  • The Related alerts section of the incident window contains information only if the child node is configured to forward data on incident-related alerts to the parent node.

    When you click on the name of an incident-related alert, a window opens with detailed information about this alert. This data is also read-only. An alert from another node cannot be edited or processed.

  • The Related events section in the window of an alert related to an incident of another node contains information only if the child node is configured to forward data on incident-related events to the parent node.

    In this case, you can use the Find in events button to open the events table and search for relevant events. However, you cannot select the storage, and there are limitations applied to SQL queries when searching events in alert investigation mode. This mode employs data enrichment (for example, using Kaspersky Threat Intelligence Portal, Kaspersky CyberTrace or Active Directory). The results of Kaspersky Threat Intelligence Portal data enrichment performed on child nodes are not available on parent nodes.

See also:

About incidents

About alerts

About events

Interaction with RuCERT
