Kaspersky Machine Learning for Anomaly Detection
- About Kaspersky Machine Learning for Anomaly Detection
- What's new
- Basic concepts of Kaspersky MLAD
- Kaspersky MLAD components
- Common deployment scenarios
- Telemetry and event data flow diagram
- Administering Kaspersky MLAD
- Installing the application
- Updating the application and rolling back to the previous installed version
- Getting started
- Starting and stopping Kaspersky MLAD
- Updating Kaspersky MLAD certificates
- First startup of Kaspersky MLAD
- Configuring Kaspersky MLAD
- Configuring the main settings of Kaspersky MLAD
- Configuring the Anomaly Detector service
- Configuring the Keeper service
- Configuring the Mail Notifier service
- Configuring the Similar Anomaly service
- Configuring the Stream Processor service
- Configuring the HTTP Connector
- Configuring the MQTT Connector
- Configuring the AMQP Connector
- Configuring the OPC UA Connector
- Configuring the KICS Connector
- Configuring the CEF Connector
- Configuring the WebSocket Connector
- Configuring the Event Processor service
- Configuring the statuses and causes of incidents
- Configuring logging of Kaspersky MLAD services
- Configuring time intervals for displaying data
- Configuring how the Kaspersky MLAD main menu is displayed
- Exporting and importing a configuration file for Kaspersky MLAD components
- Starting, stopping, and restarting services
- Managing tags
- Managing ML models and templates
- Configuring settings in the Event Processor section
- Managing user accounts
- Managing incident notifications
- Removing the application
- Connecting to Kaspersky MLAD and closing the session
- Kaspersky MLAD web interface
- Licensing the application
- Processing and storing data in Kaspersky MLAD
- Performing common tasks
- Scenario: Working with Kaspersky MLAD
- Viewing summary data in the Dashboard section
- Viewing incoming data in the Monitoring section
- Viewing data in the History section
- Viewing data in the Time slice section
- Viewing data for a specific preset in the Time slice section
- Selecting a specific branch of the ML model in the Time slice section
- Selecting a date and time interval in the Time slice section
- Navigating through time in the Time slice section
- Configuring how graphs are displayed in the Time slice section
- Working with events and patterns
- Working with incidents and groups of incidents
- Scenario: Analysis of incidents
- Viewing incidents
- Viewing the technical specifications of a registered incident
- Viewing incident groups
- Studying the behavior of the monitored asset at the moment when an incident was detected
- Adding a status, cause, expert opinion or note to an incident or incident group
- Exporting incidents to a file
- Working with ML models and templates
- Managing presets
- Viewing the status of a service
- Troubleshooting
- When connecting to Kaspersky MLAD, the browser displays a certificate warning
- The hard drive has run out of free space
- The operating system restarted unexpectedly
- Cannot connect to the Kaspersky MLAD web interface
- Graphs are not displayed in the History and Monitoring sections
- Events are not transmitted between Kaspersky MLAD and external systems
- Cannot load data to view in the Event Processor section
- Data is incorrectly processed in the Event Processor section
- Events are not displayed in the Event Processor section
- Previously created monitors and the specified attention settings are not displayed in the Event Processor section
- The localization language for Help needs to be changed before connecting to the application
- Contacting Technical Support
- Appendix
- Glossary
- Information about third-party code
- Trademark notices
Administering Kaspersky MLAD > Configuring Kaspersky MLAD > Configuring the Similar Anomaly service
Configuring the Similar Anomaly service
Configuring the Similar Anomaly service
Kaspersky MLAD uses the Similar Anomaly service to identify similar incidents and combine them into groups. In groups, you can view similar incidents that were registered at different times.
Configuration of the Similar Anomaly service is performed by an administrator (Kaspersky employee or certified integrator).
To configure the Similar Anomaly service:
- In the administrator menu, select System parameters → Similar Anomaly.
A list of service settings appears on the right.
- In the Minimum number of incidents to group field, enter the minimum number of similar incidents for forming a group.
- In the Maximum number of incidents to group field, enter the maximum number of incidents that can be put into one group.
If you want all incidents to be put into one group, leave this field empty.
- In the Maximum distance between similar incidents field, enter the maximum distance that similar incidents can lag behind each other.
You can specify a value in the range of
0to1. - Click the Save button.
Article ID: 207976, Last review: Dec 7, 2022