Monitoring program operation

You can monitor program operation using the widgets in the Dashboard section of the program web interface window. You can add, delete, and move widgets, configure the display scale of widgets, and select the data display period.

About widgets and layouts

You can use widgets to monitor program operation.

A layout is the appearance of the workspace of the program web interface window in the Dashboard section. You can add, delete, and move widgets in the layout.

The following widgets are available in the program:

• Processed. Displays the processing state for traffic coming from Sensor component and Kaspersky Endpoint Agent program to the server with the Central Node component.
• Queues. Displays information on the number and volume of objects waiting to be scanned by the program modules and components.
• Sandbox processing time. Displays the average time taken to receive the scan results after objects were scanned by the Sandbox component.

If you are using the

distributed solution

Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).

Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).

Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).

multitenancy mode

Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.

Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.

Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.

Selecting a tenant and a server to manage in the Dashboard section

If you are using the distributed solution and multitenancy mode, before using the Dashboard section, you must select the tenant and server whose data you want to view.

To select a tenant and server for which you want to display data in the Dashboard section:

1. In the upper right part of the program web interface window, click the arrow next to the server name.
2. In the drop-down list, select the tenant and server from the list.

Data for the selected server is displayed. If you want to select a different tenant and server, repeat the steps to select a tenant and server.

Adding a widget to the current layout

To add a widget to the current layout:

1. Select the Dashboard section in the program web interface window.
2. In the upper part of the window, click the button.
3. In the drop-down list, select Customize.
4. Click Widgets.
5. In the Manage widgets window that opens:
   • If you want to add the Queues widget, turn on the toggle switch next to the name of this widget.
   • If you want to add the Sandbox processing time widget, turn on the toggle switch next to the name of this widget.
   • If you want to add the Processed widget, click next to the name of this widget.

The selected widget is added to the current layout.

Moving a widget in the current layout

To move a widget in the current layout:

1. Select the Dashboard section in the program web interface window.
2. In the upper part of the window, click the button.
3. In the drop-down list, select Customize.
4. Select the widget that you want to move within the layout.
5. Left-click and hold the upper part of the widget to drag and drop the widget to a different place in the layout.
6. Click Save.

The current layout is saved.

Removing a widget from the current layout

To remove a widget from the current layout:

1. Select the Dashboard section in the program web interface window.
2. In the upper part of the window, click the button.
3. In the drop-down list, select Customize.
4. Click the icon in the upper right corner of the widget that you want to remove from the layout.

   The widget is removed from the workspace of the program web interface window.

5. Click Save.

The widget is removed from the current layout.

Saving a layout to PDF

To save a layout to PDF:

1. Select the Dashboard section in the program web interface window.
2. In the upper part of the window, click the button.
3. In the drop-down list, select Save as PDF.

   This opens the Saving as PDF window.

4. In the lower part of the window, in the Layout drop-down list, select the page orientation.
5. Click Download.

   The layout in PDF format is saved to the hard drive of your computer in the downloads folder of the browser.

6. Click Close.

Configuring the data display period in widgets

You can configure the display of data in widgets for the following periods:

• Day
• Week
• Month

To configure the display of data in widgets for a day (from 00:00 a.m. to 11:59 p.m.):

1. Select the Dashboard section in the program web interface window.
2. In the upper-right corner of the program web interface window, in the drop-down list of data display periods, select Day.
3. In the calendar to the right of the Day period name, select the date for which you want to display data in the widget.

All widgets on the Dashboard page display data for the period you selected.

To configure the display of data on widgets for a week (Monday through Sunday):

1. Select the Dashboard section in the program web interface window.
2. In the upper-right corner of the program web interface window, in the drop-down list of data display periods, select Week.
3. In the calendar to the right of the Week period name, select the week for which you want to display data in the widget.

All widgets on the Dashboard page display data for the period you selected.

To display data display in widgets for a month (calendar month):

1. Select the Dashboard section in the program web interface window.
2. In the upper-right corner of the program web interface window, in the drop-down list of data display periods, select Month.
3. In the calendar to the right of the Month period name, select the month for which you want to display data in the widget.

All widgets on the Dashboard page display data for the period you selected.

Monitoring the receipt and processing of incoming data

In the Processed widget, you can assess the processing status of data coming from the Sensor component and Kaspersky Endpoint Agent component to the server with the Central Node component, and track data processing errors.

To select the component (Sensor or Kaspersky Endpoint Agent) for which you want to assess incoming data, use the drop-down list to the right of the Processed widget name.

You can select the type of data display in the drop-down list to the right of the component name (Sensor or Kaspersky Endpoint Agent):

• Current load—The last 5 minutes.
• Selected period. In this case, you can also configure the period of data display on widgets.

The left part of each widget displays the legend for colors used in the widget itself.

If the Current load data display type is selected, the average data processing rate over the past 5 minutes is displayed to the right of the key.

If the Selected period data display type is selected, to the right of the key you will see the average rate of incoming traffic to the server with the Central Node component and the number of objects processed during the selected period.

Monitoring the queues for data processing by program modules and components

You can use the Queues widget to assess the status of data processing by the

Data transfer in the queue is measured in messages.

You can select the type of data display in the drop-down list to the right of the Queues widget name:

• Current load—The last 5 minutes.
• Selected period. In this case, you can also configure the period of data display on widgets.

The left part of the widget displays the legend for colors used in the widget.

The Queues widget displays the following data:

• Number of messages and Data volume processed by program modules and components:
  • YARA—blue.
  • Sandbox—violet.
  • AM Engine—green.
• Unprocessed—amount of unprocessed data indicated by vertical red lines.

When you hover the mouse cursor over a widget, you see a pop-up window that displays the status of data processing by the YARA and AM Engine program modules and the Sandbox component, as well as the amount of unprocessed data during a specific time period.

Monitoring the processing of data by the Sandbox component

The Sandbox processing time widget displays the average time elapsed from the moment data is sent to one or multiple Sandbox component servers (including the time spent in the queue before getting sent) to the moment when the Sandbox processing results are displayed in the web interface of Kaspersky Anti Targeted Attack Platform for the selected period.

You can increase the rate at which data is processed by the Sandbox component and the throughput of the Sandbox component by increasing the number of servers with the Sandbox component and by distributing the data to be processed among those servers.

Viewing the working condition of modules and components of the program

If modules or components of the program encounter errors that the administrator is advised to look at, a yellow warning box is displayed in the upper part of the Dashboard section of the program web interface.

Users with the Local administrator, Administrator, or Security auditor roles can gain access to information about the working condition of the Central Node, PCN, or SCN server that the user is currently managing.

Users with the Senior security officer, Security officer, or Security auditor roles can gain access to the following information about the working condition:

• If you are using a standalone Central Node server, the user can access information about the working condition of the Central Node server which the user is currently managing.
• If you are using the distributed solution and multitenancy mode, and the user is managing an SCN server, the user can gain access to information about the working condition of that SCN server for tenants to whose data the user has access.
• If you are using the distributed solution and multitenancy mode, and the user is managing the PCN server, the user can gain access to information about the working condition of the PCN server and all SCN servers connected to that server, for tenants to whose data the user has access.

For details about the working condition of program modules and components,

click View details to open the System health window.

In the System health window, one of the following icons is displayed depending on the working condition of the program modules and components:

• if the modules and components of the program are working normally.
• An icon with the number of problems (for example, ) if problems are found that the administrator is recommended to pay attention to. In this case, detailed problem information is displayed in the right part of the System health window.

The System health window contains the following sections:

• Component health contains information on the operational status of program modules and components, Quarantine, and database update on all servers where the program is operating.

  Example: If the databases of one or more program components have not been updated in 24 hours, the icon is displayed next to the name of the server on which the program modules and components are installed. To resolve the problem, make sure that update servers are available. If you are using a proxy server to connect to update servers, make sure the proxy server has no errors pertaining to the connection to Kaspersky Anti Targeted Attack Platform servers.

• Processed—Status of receiving and processing incoming data. The status is generated based on the following criteria:
  • State of receiving data from servers with the Sensor component, from the server or virtual machine with the mail sensor, from Kaspersky Endpoint Agent hosts.
  • Information about exceeding the maximum allowed time that objects wait in the queue to be scanned by program modules and components.
• Connection with servers—Status of the connection between the PCN server and connected SCN servers (displayed if you are using the distributed solution and multitenancy mode).

If there are problems detected in the performance of program modules or components and you cannot resolve those problems on your own, you are advised to contact Kaspersky Technical Support.