Viewing the events history
Kaspersky MLAD lets you view the events that were received from external sources of events. To view events, you need to upload them to Event Processor → Event history.
The functionality is available after a license key is added.
Kaspersky MLAD displays incoming events as a graph of relations between event parameters. The graph nodes correspond to the values of the event parameters, and the arcs between the nodes correspond to the links between the parameter values of incoming events. You can hover the mouse pointer over the event graph and view information about the event parameters and their values. You can also hover the mouse pointer over the event graph arc and view information about the number of links between the values of event parameters. The graph of event parameter relations is displayed on the Graph tab.
Each monitored asset has its own specific incoming events and event parameters. The list of event parameters is defined in the configuration file for the Event Processor service. The configuration file is created and uploaded by a system administrator during configuration of the Event Processor service.
To upload data for viewing incoming events:
- In the main menu, select the Event Processor → Event history section.
- In the Filters section, click the button to select the start and end date and time of the period for which you want to load and view events.
- To configure event parameters, do one of the following:
  - To load events based on the specific values of the event parameters, select the relevant event parameter value in the drop-down lists. As you start typing a value, all matching parameter values are displayed in the lists.
  - To load events based on a value template, click the icon in the event parameter cells, use the drop-down lists to enter the value template as a regular expression, and select the specified value template.
    You can use the special characters of regular expressions in the value template.
  Each monitored asset has its own specific set and names of event parameters.
- Click the Process request button.
Data on the events found by the application will be displayed as a graph in the central part of the page.
- To view the received events as a table, select the Table tab.
The central part of the page displays a table that contains information on the detected events.