Viewing the events history
Kaspersky MLAD lets you view the events that were received from external sources of events. To view events, you need to load them in the Event Processor → Event history section.
Viewing the event history is available to system administrators.
Kaspersky MLAD displays incoming events as a graph of relations between event parameters. The graph nodes correspond to the values of the event parameters, and the arcs between the nodes correspond to the links between the parameter values of incoming events. You can hover the mouse pointer over the event graph and view information about the event parameters and their values. You can also hover the mouse pointer over the event graph arc and view information about the number of links between the values of event parameters.
You can also view information about the detected events as a table.
Each monitored asset has its own specific incoming events and event parameters. The list of event parameters is defined in the configuration file for the Event Processor service. The configuration file is created and uploaded by a system administrator during configuration of the Event Processor service.
To load data for viewing incoming events:
- In the main menu, select the Event Processor → Event history section.
- In the Filters section, click the calendar icon to select the start and end date and time of the period for which you want to load and view events.
- To configure event parameters, do one of the following:
  - To load events based on the specific values of the event parameters, select the event parameter value in the drop-down lists. As you start typing a value, all matching parameter values are displayed in the lists.
  - To load events based on a value template, enable the Regular expression option for the relevant event parameters, specify the value template as a regular expression in the drop-down lists, and select Regular expression: <value template>.
    You can use the special characters of regular expressions in the value template.
  Each monitored asset has its own specific set and names of event parameters.
- Click the Process request button.
Data on the events found by the application will be displayed as a graph in the central part of the page.
- To view the received events as a table, select the Table tab.
The central part of the page displays a table that contains information on the detected events.