Managing incident notifications

You can set up notifications for Kaspersky MLAD to send to users about incidents identified through the analysis of telemetry data or from ML model output. Notifications are sent to the email addresses specified in the notifications. You can edit and delete notifications regarding incidents for Kaspersky MLAD users.

Only system administrators can manage incident notifications.

The Mail Notifier service must be configured and started in advance.

All created notifications about incidents and information about them are displayed in the Notifications section in the administrator menu. If necessary, you can change the number of notifications displayed on one page.

Notifications section

Creating an incident notification

Only system administrators can manage incident notifications.

You can create notifications about incidents recorded during telemetry data processing and/or as a result of ML model operation.

To create an incident notification for a user:

1. In the lower-left corner of the window, click .

   You will be taken to the administrator menu.

2. Select the Notifications section.
3. On the opened page, click the Create button.

   The Create notification window opens.

4. Specify the name of the notification in the Name field.
5. To enable sending of notifications, set the State toggle switch to the Activated position.
6. In the Notification language field, select the language of the delivered incident notifications.

   By default, the current localization language of the Kaspersky MLAD web interface is used for incident notifications. It is available in English and Russian.

7. In the Users email addresses drop-down list, select the email addresses of the application users to send notifications to.
8. In the Additional email addresses field, specify additional email addresses to send incident notifications to, separated with a semicolon.
9. To enable notifications about incidents registered by ML models, do the following:
   1. To configure notifications about incidents registered by predictive elements of ML models, select Predictive elements.
   2. To configure notifications about incidents registered by ML model diagnostic rules, select Rules.
   3. To configure notifications about incidents registered by elliptic envelopes of ML models, select the Elliptic envelopes check box.
   4. Select one or more ML models to send notifications for.

      To select all ML models within an asset, check the box next to the asset name.

10. To enable notifications about incidents registered only by published ML models, set Send incident notifications for published models only to Activated.
11. To enable incident notifications for tags:
    1. To configure notifications for when a tag has reached an upper or lower blocking threshold, select Limit Detector.
    2. If you want to configure sending of the notifications about the termination or interruption of the input data stream for a specific tag, or about the detection of observations that arrived too soon or too late, select the Stream Processor check box.
    3. Select one or more tags you want to send notifications for.

       To select all tags within an asset, check the box next to the asset name.

12. Click the Save button.

Information about the new notification will be displayed in the table. If necessary, you can edit or delete notifications.

A separate notification will be sent to the specified email addresses for each incident registered for selected ML models and/or tags.

Editing an incident notification

Only system administrators can manage incident notifications.

To edit an incident notification:

1. In the lower-left corner of the window, click .

   You will be taken to the administrator menu.

2. Select the Notifications section.
3. Click the button next to the notification that you want to edit.
4. Adjust the incident notification settings, if needed. For a description of the settings, see the instructions on setting up an incident notification.
5. Click the Save button to save the changes.

A separate notification will be sent to the specified email addresses for each incident registered for selected ML models and/or tags.

The updated information about the notification will be displayed in the table. If necessary, you can delete notifications.

Deleting an incident notification

Only system administrators can manage incident notifications.

To delete an incident notification:

1. In the lower-left corner of the window, click .

   You will be taken to the administrator menu.

2. Select the Notifications section.
3. Click the button next to the notification that you want to delete.
4. In the window that opens, confirm the deletion of the notification.

Information about the notification will be deleted from the table.

Kaspersky MLAD allows you to temporarily disable sending of notifications instead of deleting their configuration. Information about notifications is saved in the Notifications section. You can enable sending of notifications at any time. You can enable or disable notifications by editing the corresponding incident notification.