About widgets and layouts

You can use widgets to monitor application operation.

A layout is the appearance of the workspace of the application web interface window in the Dashboard section. You can add, delete, and move widgets in the layout, as well as configure the scale of widgets.

If you are using the distributed solution and multitenancy mode, this section displays information for the selected tenant.

Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.

Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).

By default, this section displays information only on alerts that were not processed by users. To also display information on processed alerts, turn on the Processed switch in the upper-right corner of the window.

The Dashboard section displays the following widgets:

• Alerts:
  • Alerts by status. Displays the alert status depending on the Kaspersky Anti Targeted Attack Platform user processing the alert and on whether or not this alert has been processed.
  • Alerts by technology. Displays the names of the application modules or components that generated the alert.
  • Alerts by attack vector. Displays detected objects based on the vector of the attack.
  • VIP alerts by importance. Displays the importance of alerts with VIP status depending on the impact that these alerts may have on the security of computers or the corporate LAN based on Kaspersky experience.
  • Alerts by importance. Displays the importance of alerts for users of the Kaspersky Anti Targeted Attack Platform depending on the impact that these alerts may have on the security of computers or the corporate LAN based on Kaspersky experience.

  The left part of each widget lists attack vectors, alert importance levels, alert status, and technologies that generated the alerts. The right part of each widget displays the number of times the alerts were triggered during the selected period for data display in widgets.

  To go to the Alerts section of the application web interface and view related alerts, click the link with the name of the attack vector, alert importance level, and technology that generated the alert. Alerts are filtered based on the selected element.

• Top 10:
  • Domains. 10 domains most frequently seen in alerts.
  • IP addresses. 10 IP addresses most frequently seen in alerts.
  • Email senders. 10 email senders most frequently seen in alerts.
  • Email recipients. 10 email recipients most frequently seen in alerts.
  • TAA hosts. 10 hosts that occur most frequently in events and alerts generated by the Targeted Attack Analyzer (TAA) technology.
  • TAA rules. 10 TAA (IOA) rules that occur most frequently in events and alerts generated by the Targeted Attack Analyzer (TAA) technology.
  • Sent to Sandbox by TAA rules. 10 TAA (IOA) rules that most frequently cause Kaspersky Anti Targeted Attack Platform to send files for scanning by the Sandbox component.

  The left part of each widget lists the domains, email addresses of recipients, IP addresses and email addresses of message senders, host names, and TAA (IOA) rule names. The right part of each widget displays the number of times the alerts were triggered during the selected period for data display in widgets.

  By clicking the link with the name of each domain, recipient address, IP address, message sender address, host name, and TAA (IOA) rule name, you can go to the Alerts section of the application web interface and view related alerts. Alerts are filtered based on the selected element.