Adaptive Anomaly Control reports
5 March 2024
ID 231532
Kaspersky Endpoint Security Cloud provides you with two reports related to the Adaptive Anomaly Control feature: Adaptive Anomaly Control rules state and Adaptive Anomaly Control detections.
Adaptive Anomaly Control rules state report
This report displays states of Adaptive Anomaly Control rules. The report is displayed on the Reports tab only if you activated Kaspersky Endpoint Security Cloud under a Kaspersky Endpoint Security Cloud Pro license.
In the summary part, the report shows the distribution of Adaptive Anomaly Control rules by their state.
The table with detailed information includes the following columns:
- Device name
Device on which a rule has a certain state. If a rule is in the "Smart" mode, its state on different devices may vary: on some devices, the training may be finished while on others, it may still be in progress.
- Rule name
Name of the Adaptive Anomaly Control rule.
- Rule state
State of the Adaptive Anomaly Control rule.
- Training progress, % (for rules in "Smart training" state)
The value depends on the rule state:
  - For rules in the "Off", "Notify", or "Block" state, the value is always 0.
  - For rules in the "Smart training" state, the value is as follows:
    100% × (period from the latest unprocessed detection to now) / (rule training duration)
  - For rules in the "Smart block" state, the value is always 100, because the training for them has already finished.
- Number of detections (for rules in "Smart training" state)
The value depends on the rule state:
  - For rules that are or have ever been in the "Smart training" state, the value is the number of actual detections that you have not processed yet.
  - For other rules, the value is always 0.
Adaptive Anomaly Control detections report
This report displays detections of Adaptive Anomaly Control. The report is displayed on the Reports tab only if you activated Kaspersky Endpoint Security Cloud under a Kaspersky Endpoint Security Cloud Pro license. The report includes the following columns:
- Device name
Device on which the detection occurred.
- User name
Owner of the device on which the detection occurred.
- Rule name
Name of the Adaptive Anomaly Control rule that made the detection.
- Action
Mode of the Adaptive Anomaly Control rule (Notify, Block, or Smart).
- Source process and Source object
The object that performed the detected actions (for example, a file that the user opened).
- Target process and Target object
The object on which the detected actions were performed (for example, a browser that uses a library that is loaded into the computer memory as a result of opening the file).