Configuring the Similar Anomaly service

Kaspersky MLAD uses the Similar Anomaly service to identify similar incidents and combine them into groups. In groups, you can view similar incidents that were registered at different times.

Configuration of the Similar Anomaly service is performed by an administrator (Kaspersky employee or certified integrator).

To configure the Similar Anomaly service:

1. In the administrator menu, select System parameters → Similar Anomaly.

   A list of service settings appears on the right.

2. In the Minimum number of incidents to group field, enter the minimum number of similar incidents for forming a group.
3. In the Maximum number of incidents to group field, enter the maximum number of incidents that can be put into one group.

   If you want all incidents to be put into one group, leave this field empty.

4. In the Maximum distance between similar incidents field, enter the maximum distance that similar incidents can lag behind each other.

   You can specify a value in the range of 0 to 1.

5. Click the Save button.

Page top