Stream Processor service – a new component is added for converting telemetry data received from the monitored asset at arbitrary real-time moments to a uniform temporal grid (UTG). The Stream Processor component considers possible data losses and processes observations received by Kaspersky MLAD too early or too late. In such cases, Stream Processor registers incidents.
Event Processor service – the functionality that switches the Event Processor to the sleep mode according to a specified schedule is implemented. In the sleep mode, the Event Processor analyses sequences of events processed in the online mode once again to improve the quality of previously detected patterns and their structure. A mechanism for saving the Event Processor service state in the database after processing each episode of events is implemented. This mechanism ensures that the data is saved up to the last processed episode and reduces the need for computational resources required to save the full state of the Event Processor service. The functionality is added that allows you to view the structure of patterns as a layered hierarchy of nested elements, including the time intervals between the elements within the pattern.
Tags section of the web interface – the function is implemented to automatically add unknown tags received from external assets via the KICS Connector in accordance with the names of tags and assets in Kaspersky Industrial CyberSecurity for Networks 3.0 and later.