Kaspersky Anti Targeted Attack Platform

Monitoring the performance of the application

You can monitor application operation using the widgets in the Dashboard section of the application web interface window. You can add, delete, and move widgets, configure the display scale of widgets, and select the data display period.

In this section

About widgets and layouts

Adding a widget to the current layout

Moving a widget in the current layout

Removing a widget from the current layout

Saving a layout to PDF

Configuring the data display period in widgets

Configuring the widget display scale

Basics of managing "Alerts" type widgets

Viewing the working condition of modules and components of the application

About widgets and layouts

You can use widgets to monitor application operation.

A layout is the appearance of the workspace of the application web interface window in the Dashboard section. You can add, delete, and move widgets in the layout, as well as configure the scale of widgets.

If you are using the distributed solution and multitenancy mode, this section displays information for the selected tenant.

By default, this section displays information only on alerts that were not processed by users. To also display information on processed alerts, turn on the Processed switch in the upper-right corner of the window.

The Dashboard section displays the following widgets:

  • Alerts:
    • Alerts by status. Displays the alert status depending on the Kaspersky Anti Targeted Attack Platform user processing the alert and on whether or not this alert has been processed.
    • Alerts by technology. Displays the names of the application modules or components that generated the alert.
    • Alerts by attack vector. Displays detected objects based on the vector of the attack.
    • VIP alerts by importance. Displays the importance of alerts with VIP status depending on the impact that these alerts may have on the security of computers or the corporate LAN based on Kaspersky experience.
    • Alerts by importance. Displays the importance of alerts for users of the Kaspersky Anti Targeted Attack Platform depending on the impact that these alerts may have on the security of computers or the corporate LAN based on Kaspersky experience.

    The left part of each widget lists attack vectors, alert importance levels, alert status, and technologies that generated the alerts. The right part of each widget displays the number of times the alerts were triggered during the selected period for data display in widgets.

    To go to the Alerts section of the application web interface and view related alerts, click the link with the name of the attack vector, alert importance level, or technology that generated the alert. Alerts are filtered based on the selected element.

  • Top 10:
    • Domains. 10 domains most frequently seen in alerts.
    • IP addresses. 10 IP addresses most frequently seen in alerts.
    • Email senders. 10 email senders most frequently seen in alerts.
    • Email recipients. 10 email recipients most frequently seen in alerts.
    • TAA hosts. 10 hosts that occur most frequently in events and alerts generated by the Targeted Attack Analyzer (TAA) technology.
    • TAA rules. 10 TAA (IOA) rules that occur most frequently in events and alerts generated by the Targeted Attack Analyzer (TAA) technology.
    • Sent to Sandbox by TAA rules. 10 TAA (IOA) rules that most frequently cause Kaspersky Anti Targeted Attack Platform to send files for scanning by the Sandbox component.

    The left part of each widget lists the domains, email addresses of recipients, IP addresses and email addresses of message senders, host names, and TAA (IOA) rule names. The right part of each widget displays the number of times the alerts were triggered during the selected period for data display in widgets.

    By clicking the link with the name of each domain, recipient address, IP address, and message sender address, you can go to the Alerts section of the application web interface and view related alerts.

    Click the link with the host name and the name of the TAA (IOA) rule to go to the Events section of the application web interface and view related events.

    Alerts and events are filtered based on the selected element.

Adding a widget to the current layout

To add a widget to the current layout:

  1. Select the Dashboard section in the application web interface window.
  2. In the upper part of the window, click the Apt_icon_dashboard_menu button.
  3. In the drop-down list, select Customize.
  4. Click Widgets.
  5. In the Manage widgets window that opens, turn on the toggle switch next to the widget that you want to add.

The widget is added to the current layout.

Moving a widget in the current layout

To move a widget in the current layout:

  1. Select the Dashboard section in the application web interface window.
  2. In the upper part of the window, click the Apt_icon_dashboard_menu button.
  3. In the drop-down list, select Customize.
  4. Select the widget that you want to move within the layout.
  5. Left-click and hold the upper part of the widget to drag and drop the widget to a different place in the layout.
  6. Click Save.

The current layout is saved.

Removing a widget from the current layout

To remove a widget from the current layout:

  1. Select the Dashboard section in the application web interface window.
  2. In the upper part of the window, click the Apt_icon_dashboard_menu button.
  3. In the drop-down list, select Customize.
  4. Click the Apt_icon_dashboard_customize_close icon in the upper right corner of the widget that you want to remove from the layout.

    The widget is removed from the workspace of the application web interface window.

  5. Click Save.

The widget is removed from the current layout.

Saving a layout to PDF

To save a layout to PDF:

  1. Select the Dashboard section in the application web interface window.
  2. In the upper part of the window, click the Apt_icon_dashboard_menu button.
  3. In the drop-down list, select Save as PDF.

    This opens the Saving as PDF window.

  4. In the lower part of the window, in the Layout drop-down list, select the page orientation.
  5. Click Download.

    The layout in PDF format is saved to the hard drive of your computer in the downloads folder of the browser.

  6. Click Close.

Configuring the data display period in widgets

You can configure the display of data in widgets for the following periods:

  • Day
  • Week
  • Month

To configure the display of data in widgets for a day (from 00:00 a.m. to 11:59 p.m.):

  1. Select the Dashboard section in the application web interface window.
  2. In the upper-right corner of the application web interface window, in the drop-down list of data display periods, select Day.
  3. In the calendar to the right of the Day period name, select the date for which you want to display data in the widget.

All widgets on the Dashboard page display data for the period you selected.

To configure the display of data in widgets for a week (Monday through Sunday):

  1. Select the Dashboard section in the application web interface window.
  2. In the upper-right corner of the application web interface window, in the drop-down list of data display periods, select Week.
  3. In the calendar to the right of the Week period name, select the week for which you want to display data in the widget.

All widgets on the Dashboard page display data for the period you selected.

To configure the display of data in widgets for a month (calendar month):

  1. Select the Dashboard section in the application web interface window.
  2. In the upper-right corner of the application web interface window, in the drop-down list of data display periods, select Month.
  3. In the calendar to the right of the Month period name, select the month for which you want to display data in the widget.

All widgets on the Dashboard page display data for the period you selected.

Configuring the widget display scale

You can configure the display scale for "Alerts" type widgets. The Apt_icon_dashboard_widget_menu icon in the upper right corner of a widget means you can configure the scale for that widget.

To configure the display scale for widgets:

  1. Select the Dashboard section in the application web interface window.
  2. In the upper part of the window, click the Apt_icon_dashboard_menu button.
  3. In the drop-down list, select Customize.
  4. Click Apt_icon_dashboard_widget_menu in the upper right corner of the widget.
  5. In the drop-down list, select one of the following widget display sizes:
    • 1x1.
    • 2x1.
    • 3x1.

    The display scale of the selected widget is modified.

  6. Repeat the steps for all widgets for which you want to set the display scale.
  7. Click Save.

The display scale of widgets is configured.

Basics of managing "Alerts" type widgets

You can configure the display scale for all "Alerts" type widgets.

The left part of each widget displays the legend for colors used in widgets.

Example:

The Alerts by importance widget displays the number of alerts of various importance.

Importance—Alert importance for the Kaspersky Anti Targeted Attack Platform user depending on the impact this alert may have on computer or corporate LAN security based on Kaspersky experience.

In the Alerts by importance widget, the following colors correspond to importance levels:

  • Red—Alert has a high level of importance.
  • Orange—Alert has a medium level of importance.
  • Green—Alert has a low level of importance.

To the right of the legend, the number of alerts of each type for the selected period for displaying data in widgets is displayed.

By clicking the link with the type of each alert, you can go to the Alerts section of the application web interface and view all alerts of this type. Alerts are filtered based on the specific type.

 

Example:

The Alerts by attack vector widget displays Files from email alerts, which indicate the number of files that Kaspersky Anti Targeted Attack Platform detected in mail traffic for the selected period.

Clicking the Files from email link opens the Alerts section and displays all alerts associated with the detection of files in mail traffic for the selected period. Data will be filtered based on the following parameters: Object type=FILE and Object source=MAIL.

The right part of each widget displays data columns. The vertical axis shows the number of events, and the horizontal axis shows the date and time of the alert. You can edit the period of data display in widgets and select the tenant for which information is displayed in the widget.

Position your mouse cursor on each data column to display the number of alerts counted for the period represented by the specific column. The number of unprocessed alerts is displayed by default. You can enable the display of processed alerts by selecting the Processed check box in the upper-right corner of the window. In this case, the total number of all alerts will be displayed.

Viewing the working condition of modules and components of the application

If modules or components of the application encounter errors that the administrator is advised to look at, a yellow warning box is displayed in the upper part of the Dashboard section of the application web interface.

Users with the Local administrator, Administrator, or Security auditor roles can gain access to information about the working condition of the Central Node, PCN, or SCN server that the user is currently managing.

Users with the Senior security officer, Security officer, or Security auditor roles can gain access to the following information about the working condition:

  • If you are using a standalone Central Node server, the user can access information about the working condition of the Central Node server which the user is currently managing.
  • If you are using the distributed solution and multitenancy mode, and the user is managing an SCN server, the user can gain access to information about the working condition of that SCN server for tenants to whose data the user has access.
  • If you are using the distributed solution and multitenancy mode, and the user is managing the PCN server, the user can gain access to information about the working condition of the PCN server and all SCN servers connected to that server, for tenants to whose data the user has access.

For details about the working condition of application modules and components, click View details to open the System health window.

In the System health window, one of the following icons is displayed depending on the working condition of the application modules and components:

  • kata_dashboard_icon_ok if the modules and components of the application are working normally.
  • An icon with the number of problems (for example, kata_dashboard_icon_error_yellow) if problems are found that the administrator is advised to review. In this case, detailed problem information is displayed in the right part of the System health window.

The System health window contains the following sections:

  • Component health contains information on the operational status of application modules and components, quarantine, and database update on all servers where the application is running.

    Example:

    If the databases of one or more application components have not been updated in 24 hours, the kata_dashboard_icon_exclamation_yellow icon is displayed next to the name of the server on which the application modules and components are installed.

    To resolve the problem, make sure that update servers are accessible. If you are using a proxy server to connect to update servers, make sure the proxy server has no errors pertaining to the connection to Kaspersky Anti Targeted Attack Platform servers.

  • Processed—Status of receiving and processing incoming data. The status is generated based on the following criteria:
    • State of receiving data from servers with the Sensor component, from the server or virtual machine with the mail sensor, from hosts with the Endpoint Agent component.
    • Information about exceeding the maximum allowed time that objects wait in the queue to be scanned by application modules and components.
  • Connection with servers—Status of the connection between the PCN server and connected SCN servers (displayed if you are using the distributed solution and multitenancy mode).

If problems are detected with the performance of application modules or components and you cannot resolve those problems on your own, please contact Kaspersky Technical Support.
