Using event selections

May 15, 2024

ID 166234

Event selections provide an onscreen view of named sets of events that are selected from the Administration Server database. These sets of events are grouped according to the following categories:

  • By importance level—Critical events, Functional failures, Warnings, and Info events
  • By time—Recent events
  • By type—User requests and Audit events

You can create and view user-defined event selections based on the settings available for configuration in the OSMP Console interface.

Event selections are available in the OSMP Console, in the Monitoring & reporting section, by clicking Event selections.

By default, event selections include information for the last seven days.

Open Single Management Platform has a default set of predefined event selections:

  • Events with different importance levels:
    • Critical events
    • Functional failures
    • Warnings
    • Informational messages
  • User requests (events of managed applications)
  • Recent events (over the last week)
  • Audit events

In Kaspersky Next XDR Expert, audit events related to service operations in your OSMP Console are displayed. These events are triggered by actions of Kaspersky specialists. They include, for example, the following: logging in to Administration Server; changing Administration Server ports; backing up the Administration Server database; and creating, modifying, and deleting user accounts.

You can also create and configure additional user-defined selections. In user-defined selections, you can filter events by the properties of the devices they originated from (device names, IP ranges, and administration groups), by event types and severity levels, by application and component name, and by time interval. It is also possible to include task results in the search scope. You can also use a simple search field where a word or several words can be typed. All events that contain any of the typed words anywhere in their attributes (such as event name, description, component name) are displayed.

Both for predefined and user-defined selections, you can limit the number of displayed events or the number of records to search. Both options affect the time it takes Open Single Management Platform to display the events. The larger the database is, the more time-consuming the process can be.

You can do the following:

See also:

Device selections
