Getting tenant protection reports

A virtual machine is considered protected if the Light Agent installed on it is connected to the SVM. Each SVM can receive data about the time intervals when Light Agents were connected to the SVM and pass this data to the Integration Server database. Based on this information, you can use the Integration Server REST API to receive reports on the protection status of the tenant virtual machines.

You can use the tenant protection report to get information about all protected tenant virtual machines and all time intervals when each virtual machine was protected by Kaspersky Security. The report can also be used to get information about the protection of all virtual machines that connected to the SVM during the specified reporting period, including the virtual machines that do not belong to any tenant.

Getting tenant protection reports consists of the following steps:

1. Enabling the function of transferring report data to the Integration Server database.
2. Report generation. The report is generated as a CSV file in a temporary folder.
3. Report upload. The generated report can be uploaded in its entirety or in parts for integration into the service provider's reporting system.

Enabling the function of transferring report data

By default, the function of transferring report data is disabled on the Integration Server. If you want to receive tenant protection reports, you need to enable the reporting data feature in the Integration Server configuration file appsettings.json. Depending on the version of the Integration Server, the file is located at one of the following paths:

• /var/opt/kaspersky/viis/common/ for the Linux-based Integration Server
• %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\ for the Windows-based Integration Server.

To enable the function of receiving report data:

1. Open the appsettings.json configuration file for editing.
2. In the Multitenancy section, set the EnableProtectionReports parameter to true and save the file.
3. Restart the Integration Server.

The Integration Server will receive data on the time intervals when Light Agents were connected to SVMs from each SVM.

If the function of receiving report data is enabled, but SVM is not connected to the Integration Server, the data packets are queued for sending. When the maximum number of packets in the queue is reached, older data packets are deleted. The parameters for sending data are set up in the /etc/opt/kaspersky/agents_monitor/agents_monitor.conf configuration file on SVM. You can configure the maximum queue size for the packets to be sent using the max_queue_size parameter.

The received data is stored in the Integration Server database. The default report retention period is 460 days. You can specify this value using the ProtectionPeriodsRecordsLifetimeDays parameter in the Multitenancy section of the appsettings.json configuration file of the Integration Server.

The size of the Integration Server database increases in proportion to the number of the protected tenant virtual machines.

Page top

Generating tenant protection reports

The report generation procedure is automated by means of the Integration Server REST API.

You can pass the following report generation parameters in the request to the REST API:

• Identifier of the tenant for which you want to generate the report.
• Start date and time of the period for which you want to generate a report.
• End date and time of the period for which you want to generate a report.

If a tenant ID is not specified in the request, the report will include data on all virtual machines that were protected during the specified period, data on virtual machines that do not belong to tenants.

If the report generation period is not specified in the request, the report will include data stored in the Integration Server database from the earliest date up to the current moment.

To obtain reliable information in the reports, it is recommended to follow these rules when specifying the reporting period:

• Specify the reporting period accurate to a day.
• Set the end of the reporting period not less than 60 minutes from the current moment.

As a result of the report generation procedure, the report identifier is returned. Depending on the version of the Integration Server, the report is saved at the following path:

• /var/opt/kaspersky/viis/common/reports – protected directory of the Linux-based Integration Server.
• %ProgramData%\Kaspersky Lab\VIISLA\protectionPeriodsReports – protected folder of the Linux-based Integration Server.

By default, the report is stored for 24 hours from the moment of generation. To get the report, use the report identifier in the request to the REST API to upload the report.

You can configure the report retention period using the ProtectionPeriodsRecordsLifetimeDays parameter in the Multitenancy section of the appsettings.json configuration file of the Integration Server. Depending on the version of the Integration Server, the file is located at one of the following paths:

• /var/opt/kaspersky/viis/common/ for the Linux-based Integration Server
• %ProgramFiles(x86)%\Kaspersky Lab\Kaspersky VIISLA\ for the Windows-based Integration Server.

The data in the report is presented line by line. Each line contains information about one virtual machine protection period in the following format:

{tenant ID};{tenant name};{virtual machine ID};{virtual machine name};{date and time when protection was enabled};{date and time when protection was disabled}

where:

• {tenant ID} – identifier of the tenant to which the virtual machine belongs. If the virtual machine does not belong to any tenant, nothing is displayed in this field.
• {tenant name} – tenant name specified when creating the tenant. If the virtual machine does not belong to any tenant, nothing is displayed in this field.
• {virtual machine ID} – identifier of the virtual machine that was protected by the application.
• {virtual machine name} – name of the virtual machine that was protected by the application.
• {date and time when protection was enabled} – start date and time of the virtual machine protection period.
• {date and time when protection was disabled} – end date and time of the virtual machine protection period.

If during the reporting period the virtual machine was protected by the application several times (protection was enabled and disabled), the report displays each virtual machine protection period.

Uploading tenant protection reports

The report upload procedure is automated by means of the Integration Server REST API.

In the request to the REST API, the report identifier obtained at the previous step and the data display format (CSV) must be specified.

Other data display formats are not supported.

You can upload all report data or get partial data.

You can integrate data obtained as a result of the query into your reporting system.