Kaspersky Industrial CyberSecurity Endpoint Detection and Response

Monitoring & Reporting

The following features are available to monitor operation of Kaspersky Industrial CyberSecurity Endpoint Detection and Response:

  • EDR alerts widget
  • List of alerts
  • Kaspersky Security Center reports and selections

In this Help section:

  • Adding EDR alerts widget
  • Viewing the list of alerts
  • Monitoring the solution performance on devices
  • Viewing information about triggering of the Execution prevention rules
  • Generating a list of isolated devices


Adding EDR alerts widget

The EDR alerts widget displays information about the number of alerts on the devices for the last month. The widget is available on the Dashboard tab in Kaspersky Security Center Web Console. The widget allows you to switch to the Alerts section, where a list of alerts on devices is displayed.

To add the EDR alerts widget to the dashboard:

  1. Go to the Monitoring & Reporting → Dashboard section.
  2. Click the Add or restore web widget button.
  3. In the list of available web widgets, select the Alerts web widget from the Threat statistics category.
  4. Click the Add button.

    The web widget is added to the end of the dashboard.

For more details on working with widgets, please refer to Kaspersky Security Center Windows Help and Kaspersky Security Center Linux Help.


Viewing the list of alerts

To view all alerts as a list, in Kaspersky Security Center Web Console, go to the Alerts section.

The Alerts section is displayed automatically after Kaspersky Endpoint Detection and Response Optimum activation. You can also enable display of this section in Kaspersky Security Center Windows or Kaspersky Security Center Linux.

From the list of alerts, you can open the details of the selected alert.


Monitoring the solution performance on devices

Kaspersky Security Center functionality allows you to get information on the current protection status of the devices and on the devices in your infrastructure where the

that supports Kaspersky Industrial CyberSecurity Endpoint Detection and Response is not installed.

You can get this information by generating a selection of devices by the status of the Kaspersky Industrial CyberSecurity Endpoint Detection and Response component.

To generate a selection of devices by the status of the Kaspersky Industrial CyberSecurity Endpoint Detection and Response component:

  1. In Kaspersky Security Center Web Console, go to the Devices → Device selections section.
  2. Create a new device selection with the following condition:
    1. Select the Details of Kaspersky applications section.
    2. In the Application components list, select the Endpoint Detection and Response component for Kaspersky Endpoint Agent.
    3. In the Status drop-down list, select the required value of the selection criterion to display devices with this operation status.
    4. Click the Save button.

The new selection displays the list of devices with the selected operation status of Kaspersky Industrial CyberSecurity Endpoint Detection and Response.


Viewing information about triggering of the Execution prevention rules

Kaspersky Security Center functionality allows you to get information about the applications whose execution was prevented by Kaspersky Industrial CyberSecurity Endpoint Detection and Response as a result of triggering of the execution prevention rules.

To view a report on the applications prevented from execution:

  1. In Kaspersky Security Center Web Console, select Monitoring & Reporting → Reports.
  2. Select the required report from the list:
    • Report on prohibited applications – to view information about the applications that were prevented from execution in the Block and log to the report mode.
    • Report on prohibited applications in test mode – to view information about the applications that were prevented from execution in the Log events only mode.

Generating a list of isolated devices

Kaspersky Security Center functionality allows you to get information about the devices on which network isolation is enabled.

You can get this information by generating a selection of devices by the ISOLATED FROM NETWORK tag.

In Kaspersky Security Center Web Console, you can generate a selection of isolated devices on a physical Administration Server only after network isolation has been applied at least once on this server.

To generate a selection of devices isolated from the network:

  1. In Kaspersky Security Center Web Console, go to the Devices → Device selections section.
  2. Create a new device selection with the following condition:
    1. Select the Tags section.
    2. Click the Add button and create a selection criterion for all devices having the ISOLATED FROM NETWORK tag.

The new selection displays a list of devices isolated from the network.
