Kaspersky Machine Learning for Anomaly Detection

Scenario: working with Kaspersky MLAD

This section describes the actions that can be taken by a user when working in the main menu of Kaspersky MLAD.

The scenario for working with the application consists of the following steps:

  1. Creating presets to monitor the section of the protected facility

    For quick access to data, upload a preset configuration to Kaspersky MLAD. A preset configuration is created by a Kaspersky employee or certified integrator. A preset configuration is described in a JSON file. For an example of a preset configuration description, see the Appendix.

    In the application web interface, you can create presets that include tags corresponding to industrial units. If necessary, you can modify existing presets.

  2. Preparing an ML model

    To analyze the telemetry on the monitoring object and detect anomalies, prepare ML models. Add ML models and markups to Kaspersky MLAD. Train the ML model elements and check the training results. Should adjustments be required, modify the training parameters and retrain the relevant elements. Start ML model inference to register incidents. If required, deploy the ML model to register incidents.

  3. Viewing historical data

    Go to the History section. Choose the appropriate preset and define the date and time range to view historical data on process parameters and the results of their processing by ML models: generated artifacts and/or registered incidents. You can use navigation when viewing the historical data.

  4. Monitoring in online mode

    To view the received values of process parameters and the results of their processing by ML models, go to Monitoring. Select the relevant preset and time interval to display the incoming data.

  5. Viewing data in the Time slice section

    To view the values of the process parameters received from the monitored asset's sensors at a certain point in time, go to the Time slice section. Select the relevant preset and specify the date and time interval for viewing the data. You can use navigation when viewing the data.

  6. Working with incidents

    Go to the Incidents section and view information about the registered incidents. Analyze the incidents and add expert opinions or comments in which you can indicate whether the registered incidents are anomalies.

    If you are subscribed to incident notifications, you will receive an email message when an abnormal situation arises. The message will indicate the date and time when the incident began and will provide a link you can use to go to the History section.

  7. Working with events and patterns

    To work with events and patterns, configure the attention settings and the display of event parameters. Navigate to Event Processor and create monitors to track specific events, patterns, or event parameters. View the events and patterns detected by the Event Processor.