Kaspersky Machine Learning for Anomaly Detection

Viewing incidents

December 6, 2023

ID 248090

To view incidents that were registered on a specific date:

  1. In the main menu, select the Incidents section.
  2. In the upper part of the opened page, on the bar graph, click the graph column for the relevant date.
  3. If necessary, filter incidents by detector, top tag, status, group, or incident cause by selecting relevant values in the corresponding drop-down list.

The table located in the central area of the page shows the incidents registered on that day according to the specified filtering criteria. When you click the Reset button, the table and the bar graph show all registered incidents.

The following information is displayed for each incident in the table:

  • ID refers to the ID of the registered incident.
  • Date and time refers to the date and time when the incident was registered.

    Clicking the incident registration date opens the History section, where you can view information about the "Tags for event #N" preset generated for the registered incident.

  • Top tag name refers to the name of the process parameter for which the largest deviation from the prediction was recorded at the time of incident registration.
  • Incident cause refers to the cause of a logged incident added by the expert (process engineer or ICS specialist) after incident analysis or defined by the ML model.
  • Model name refers to the name of the ML model whose element registered the incident.
  • Detector refers to the name of the detector that identified an anomaly and registered the incident: Forecaster, Limit Detector, Rule Detector, Stream Processor.
  • Group refers to the name of the incident group to which the registered incident belongs.

    If two or more similar incidents are detected, they are automatically combined into a group by the Similar Anomaly service. To view only the incidents included in a group, select the group name from the drop-down list.

  • Status refers to the status of a logged incident specified by the expert (process engineer or ICS specialist) after incident analysis or defined by the ML model.

    You can set the incident status based on analysis results by selecting the appropriate value from the drop-down list. After installation of Kaspersky MLAD, the following statuses of incidents and incident groups are available by default: Under review, Decision pending, Instructions issued, Problem closed, Cause unknown, Ignore and False positive. If necessary, the system administrator can create, edit, or delete statuses of incidents.
