Kaspersky Machine Learning for Anomaly Detection
- About Kaspersky Machine Learning for Anomaly Detection
- What's new
- Basic concepts of Kaspersky MLAD
- Kaspersky MLAD components
- Common deployment scenarios
- Telemetry and event data flow diagram
- Administering Kaspersky MLAD
- Installing the application
- Updating the application and rolling back to the previous installed version
- Getting started
- Starting and stopping Kaspersky MLAD
- Updating Kaspersky MLAD certificates
- First startup of Kaspersky MLAD
- Configuring Kaspersky MLAD
- Configuring the main settings of Kaspersky MLAD
- Configuring the Anomaly Detector service
- Configuring the Keeper service
- Configuring the Mail Notifier service
- Configuring the Similar Anomaly service
- Configuring the Stream Processor service
- Configuring the HTTP Connector
- Configuring the MQTT Connector
- Configuring the AMQP Connector
- Configuring the OPC UA Connector
- Configuring the KICS Connector
- Configuring the CEF Connector
- Configuring the WebSocket Connector
- Configuring the Event Processor service
- Configuring the statuses and causes of incidents
- Configuring logging of Kaspersky MLAD services
- Configuring time intervals for displaying data
- Configuring how the Kaspersky MLAD main menu is displayed
- Exporting and importing a configuration file for Kaspersky MLAD components
- Starting, stopping, and restarting services
- Managing tags
- Managing ML models and templates
- Configuring settings in the Event Processor section
- Managing user accounts
- Managing incident notifications
- Removing the application
- Connecting to Kaspersky MLAD and closing the session
- Kaspersky MLAD web interface
- Licensing the application
- Processing and storing data in Kaspersky MLAD
- Performing common tasks
- Scenario: Working with Kaspersky MLAD
- Viewing summary data in the Dashboard section
- Viewing incoming data in the Monitoring section
- Viewing data in the History section
- Viewing data in the Time slice section
- Viewing data for a specific preset in the Time slice section
- Selecting a specific branch of the ML model in the Time slice section
- Selecting a date and time interval in the Time slice section
- Navigating through time in the Time slice section
- Configuring how graphs are displayed in the Time slice section
- Working with events and patterns
- Working with incidents and groups of incidents
- Scenario: Analysis of incidents
- Viewing incidents
- Viewing the technical specifications of a registered incident
- Viewing incident groups
- Studying the behavior of the monitored asset at the moment when an incident was detected
- Adding a status, cause, expert opinion or note to an incident or incident group
- Exporting incidents to a file
- Working with ML models and templates
- Managing presets
- Viewing the status of a service
- Troubleshooting
- When connecting to Kaspersky MLAD, the browser displays a certificate warning
- The hard drive has run out of free space
- The operating system restarted unexpectedly
- Cannot connect to the Kaspersky MLAD web interface
- Graphs are not displayed in the History and Monitoring sections
- Events are not transmitted between Kaspersky MLAD and external systems
- Cannot load data to view in the Event Processor section
- Data is incorrectly processed in the Event Processor section
- Events are not displayed in the Event Processor section
- Previously created monitors and the specified attention settings are not displayed in the Event Processor section
- The localization language for Help needs to be changed before connecting to the application
- Contacting Technical Support
- Appendix
- Glossary
- Information about third-party code
- Trademark notices
Basic concepts of Kaspersky MLAD > Incidents > Incidents detected by the Stream Processor service
Incidents detected by the Stream Processor service
Incidents detected by the Stream Processor service
The Stream Processor service gathers real-time telemetry data received from the monitored asset at arbitrary points in time and converts this data to a uniform temporal grid. When gathering incoming data, the Stream Processor service can detect losses of telemetry data and observations that were received by Kaspersky MLAD too early or too late. The Stream Processor service registers an incident in such cases.
Incidents detected by the Stream Processor service are displayed in the incidents table of the Incidents section. Each incident registered by the Stream Processor service is automatically assigned one of the following incident types:
- Monitored asset time failure – observations received by Kaspersky MLAD too early are detected.
- Late receipt of observation – observations received by Kaspersky MLAD too late are detected.
- No data – input data stream for a specific tag was terminated or interrupted.
Article ID: 238431, Last review: Dec 7, 2022