Kaspersky Machine Learning for Anomaly Detection

First startup of Kaspersky MLAD

This section describes the sequence of application configuration steps that must be performed by the administrator when Kaspersky MLAD is started for the first time.

Kaspersky MLAD starts automatically immediately after installation.

The first startup of Kaspersky MLAD consists of the following steps:

  1. Starting Kaspersky MLAD

    Start Kaspersky MLAD. The following services required for Kaspersky MLAD operation will be started:

    • API Server
    • Web Server
    • Message Broker
    • Keeper
    • Time Series Database
    • Database
    • Logger
  2. Connecting to the Kaspersky MLAD web interface

    Open the application web interface in a supported browser and enter the login and password that were created by default. Change the password for your user account. For a secure connection to Kaspersky MLAD web interface, install a trusted certificate.

  3. Configuring services

    In the SettingsSystem parameters section, configure the services that you need to use for your monitored asset. In the Services section, check the statuses of the services and start them, if necessary. For example, the Anomaly Detector service must be running for correct anomaly detection.

  4. Uploading a tag configuration to Kaspersky MLAD and creating presets

    A tag configuration is created by a Kaspersky expert or integrator while deploying the application and building an ML model. A tag configuration is described in a JSON file. An example configuration description is provided in the Appendix.

    For subsequent operation, upload a tag configuration to Kaspersky MLAD. If your tag configuration does not contain presets, create new presets from tags.

  5. Uploading and activating an ML model

    An ML model is not included in the application distribution kit but is provided as part of the Kaspersky MLAD Model-building and Deployment Service.

    Upload and activate the ML model. To activate the ML model, you must enter a model activation code.

  6. Configuring connectors

    To work with data, configure the connectors used at your monitored asset. You can configure the following connectors:

  7. Connecting to a data source

    When the above connectors are configured, start the connectors used for your monitored asset. Go to the Dashboard section and make sure that data is being received by Kaspersky MLAD in online mode.

  8. Configure attention

    To work with events and patterns, configure attention settings and display of event parameters. The Event Processor service detects events and patterns only for the attention directions defined in the attention settings.

  9. Creating user accounts

    Create accounts for users of the application and assign the necessary roles to them. Configure incident notifications for users.

Completion of these steps should result in the following:

  • Kaspersky Machine Learning for Anomaly Detection is prepared for operation, and the application is receiving and processing data.
  • Users can start working with Kaspersky MLAD using the web interface.