Support

Support for business applications

Kaspersky XDR Expert

Managing Kaspersky Unified Monitoring and Analysis Platform

User guide

Analytics

Widgets

Kaspersky Next XDR Expert
Online Help
FAQ Forum Contact support Recovery tools

Widgets

May 15, 2024

ID 265230

Get as PDF

Widgets let you monitor the operation of the application.

Widgets are organized into widget groups, each one related to the analytics type they provide. The following widget groups and widgets are available in KUMA:

  • Events—widget for creating analytics based on events.
  • Active lists—widget for creating analytics based on active lists of correlators.
  • Assets—group for analytics related to assets from processed events. This group includes the following widgets:
    • Affected assets—table with information about the level of importance of assets and the number of unclosed alerts they are associated with.
    • Affected asset categories—categories of assets linked to unclosed alerts.
    • Number of assets—number of assets that were added to KUMA.
    • Assets in incidents by tenant—number of assets associated with unclosed incidents. The grouping is by tenant.
    • Assets in alerts by tenant—number of assets associated with unclosed alerts, grouped by tenant.
  • Event sources—group for analytics related to sources of events. The group includes the following widgets:
    • Top event sources by alerts number—number of unclosed alerts grouped by event source.
    • Top event sources by convention rate—number of events associated with unclosed alerts. The grouping is by event source.

      In some cases, the number of alerts generated by sources may be inaccurate. To obtain accurate statistics, it is recommended to specify the Device Product event field as unique in the correlation rule, and enable storage of all base events in a correlation event. However, correlation rules with these settings consume more resources.

  • Users—group for analytics related to users from processed events. The group includes the following widgets:
    • Affected users in alerts—number of accounts related to unclosed alerts.
    • Number of AD users—number of Active Directory accounts received via LDAP during the period configured for the widget.

In the events table, in the event details area, in the alert window, and in the widgets, the names of assets, accounts, and services are displayed instead of the IDs as the values of the SourceAssetID, DestinationAssetID, DeviceAssetID, SourceAccountID, DestinationAccountID, and ServiceID fields. When exporting events to a file, the IDs are saved, but columns with names are added to the file. The IDs are also displayed when you point the mouse over the names of assets, accounts, or services.

Searching for fields with IDs is only possible using IDs.

In this section

Basics of managing widgets

Special considerations for displaying data in widgets

Creating a widget

Editing a widget

Deleting a widget

Widget settings

Displaying tenant names in "Active list" type widgets

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.