Kaspersky Machine Learning for Anomaly Detection

Configuring the Anomaly Detector service

You can adapt anomaly detection to the specific features of your monitored asset by enabling or disabling individual anomaly detectors in the Anomaly Detector service settings.

System administrators can configure the Anomaly Detector service.

To configure the settings of the Anomaly Detector service:

  1. In the lower-left corner of the window, click the icon in the form of two horizontal equalizer sliders.

    You will be taken to the administrator menu.

  2. Select System parameters → Anomaly Detector.

    A list of options appears on the right.

  3. Enable or disable the Limit Detector using the Use Limit Detector toggle switch.

    Limit Detector logs incidents when the upper or lower blocking thresholds set for the tag are exceeded.

  4. Use the Use Forecaster detector toggle switch to enable or disable anomaly detection with ML model predictive elements.

    ML model predictive elements register incidents when detecting discrepancies between observed and predicted tag values.

  5. Enable or disable the XGBoost detector using the Use XGBoost detector toggle switch.
  6. Use the Use Rule Detector toggle switch to enable or disable anomaly detection with ML model elements based on diagnostic rules.

    Diagnostic rules register incidents when the output of a diagnostic rule exceeds a predetermined limit.

  7. Enable or disable the function for skipping gaps in the incoming data stream using the Skip gaps in data toggle switch.

    If the toggle switch is on, the components of the ML model do not generate any artifacts during inference when no data is received for the tags of an ML model element for a period longer than the UTG period specified in Grid step (sec) for that element.

  8. In the Maximum number of records requested from the Message Broker service field, enter the number of records that must be requested from the Message Broker service for subsequent processing in the Anomaly Detector.

    The higher the value, the less frequently Anomaly Detector requests records from Message Broker. The value depends on the amount of telemetry data received by Kaspersky MLAD in real time.

  9. In the Number of messages sent in one block to the Message Broker service field, enter the number of incidents that must be sent to the Message Broker service at one time.
  10. Click the Save button.
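
The following conceptual sketch is an added example, not Kaspersky MLAD code. It shows how the Use Limit Detector, Use Forecaster detector and Skip gaps in data toggles described above could change which incidents are registered for one tag. Assumptions: all names and thresholds are hypothetical, the forecast is a naive "previous value" stand-in for an ML model, and with gap skipping off the last received value is carried forward (the page does not describe that case).

```python
from dataclasses import dataclass

@dataclass
class DetectorSettings:          # hypothetical mirror of the toggle switches
    use_limit_detector: bool = True
    use_forecaster: bool = True
    skip_gaps: bool = True

def detect(samples, grid_step, lower, upper, max_residual, cfg):
    """Walk a uniform time grid and return (time_sec, detector) incidents.

    samples: sorted (timestamp_sec, value) pairs for one tag, on the grid.
    """
    data = dict(samples)
    t, end = samples[0][0], samples[-1][0]
    last_seen, value, predicted = t, None, None
    incidents = []
    while t <= end:
        if t in data:
            last_seen, value = t, data[t]
        silent_for = t - last_seen
        if cfg.skip_gaps and silent_for > grid_step:
            # No data for longer than the grid step: generate nothing and
            # (assumption) do not forecast across the gap afterwards.
            predicted = None
        else:
            # Limit Detector: value outside the lower/upper thresholds.
            if cfg.use_limit_detector and not (lower <= value <= upper):
                incidents.append((t, "limit"))
            # Forecaster: observed value deviates from the predicted one.
            if (cfg.use_forecaster and predicted is not None
                    and abs(value - predicted) > max_residual):
                incidents.append((t, "forecaster"))
            predicted = value    # naive persistence forecast (assumption)
        t += grid_step
    return incidents

# Constructed telemetry: 10-second grid, no data between t=20 and t=60.
SAMPLES = [(0, 50), (10, 52), (20, 105), (60, 51), (70, 90)]

def run(cfg):
    return detect(SAMPLES, grid_step=10, lower=0, upper=100,
                  max_residual=20, cfg=cfg)

if __name__ == "__main__":
    for skip in (True, False):
        print("skip_gaps =", skip, run(DetectorSettings(skip_gaps=skip)))
```

In this constructed stream, turning gap skipping off yields repeated limit incidents on stale data inside the gap and an extra forecaster incident when data resumes, which is the kind of noise the toggle is meant to suppress.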