Kaspersky Machine Learning for Anomaly Detection

Glossary

Account role

Set of access rights that determine the actions available to a user when connected to the application web interface. There are two roles available to users in Kaspersky MLAD: Administrator and Operator.

Anomaly

Any deviation in the behavior of a monitored asset that is abnormal, unexpected, and not prescribed by the industrial process.

Attention

A special configuration of the Event Processor intended to track events and patterns for specific subsets of event history (attention directions). An attention direction is defined by the event parameter value that is common for all events of this direction. The Event Processor detects events and patterns only for the attention directions defined in the attention settings.

Connector

Service that facilitates the exchange of data with external systems.

Event

Set of values describing a change in the state of a monitored asset based on a predefined list of parameters, with the timestamp of the change.

Gradient boosting

Machine learning technique for classification and regression problems that builds a prediction model in the form of an ensemble of prediction models, which are typically decision trees (XGBoost).

ICS

Abbreviation for Industrial Control System. A package of hardware and software designed to automate control of process equipment at industrial enterprises.

Incident

A deviation from the expected (normal) behavior of a monitored asset identified by the anomaly detector.

ML model

Algorithm based on machine learning methods tasked with analyzing the telemetry of the monitored asset and detecting anomalies.

ML model branch

Determines how the predicted tag value, personal tag error, and mean squared error (MSE) are calculated. For a complex model, the calculation may involve multiple ML model elements that differ in their composition of tags and error calculation parameters.

Monitor

Source of notifications about patterns, events, or values of event parameters detected by the Event Processor according to the defined monitoring criteria. The monitoring criteria define a sliding time interval, the number of sequential detections, filters for event parameter values, and the condition for detecting new events, patterns, or event parameter values.

Notification

A message with information about an incident (or incidents), which is sent by the application via notification delivery systems (for example, via email) to the specified addresses.

Pattern

Sequence of events or other patterns identified within the stream of events from the monitored asset.

Preset

Set of tags generated by a user in arbitrary order or created automatically when an incident is registered. A set of tags in a custom preset can correspond to a certain aspect of the technological process or a section of the monitored asset.

Tag

Variable that contains the value of a specific process parameter such as temperature.

Uniform temporal grid (UTG)

An infinite sequence of points in time separated by equal intervals, to which the stream of incoming telemetry data is converted.