Adaptive Anomaly Control reports

17 May 2024

ID 231532

Kaspersky Endpoint Security Cloud provides you with two reports related to the Adaptive Anomaly Control feature: Adaptive Anomaly Control rules state and Adaptive Anomaly Control detections.

Adaptive Anomaly Control rules state report

This report displays states of Adaptive Anomaly Control rules. The report is displayed on the Reports tab only if you activated Kaspersky Endpoint Security Cloud under a Kaspersky Endpoint Security Cloud Pro license.

In the summary part, the report shows the distribution of Adaptive Anomaly Control rules by their state.

A table with detailed information includes the following columns:

  • Device name

    Device on which a rule has a certain state. If a rule is in the "Smart" mode, its state on different devices may vary: on some devices, the training may be finished; while on others, it may still be in progress.

  • Rule name

    Name of the Adaptive Anomaly Control rule.

  • Rule state

    State of the Adaptive Anomaly Control rule.

  • Training progress, % (for rules in "Smart training" state)

    The value depends on the rule state:

    • For rules in the "Off," "Notify," or "Block" state, the value is always 0.
    • For rules in the "Smart training" state, the value is as follows:

      100%*(period from the latest unprocessed detection to now):(rule training duration)

    • For rules in the "Smart block" state, the value is always 100, because the training for them has already finished.
  • Number of detections (for rules in "Smart training" state)

    The value depends on the rule state:

    • For rules that are or have ever been in the "Smart training" state, the value is the number of actual detections that you have not yet processed.
    • For other rules, the value is always 0.

Adaptive Anomaly Control detections report

This report displays detections of Adaptive Anomaly Control. The report is displayed on the Reports tab only if you activated Kaspersky Endpoint Security Cloud under a Kaspersky Endpoint Security Cloud Pro license. This report includes the following columns:

  • Device name

    Device on which the detection occurred.

  • User name

    Owner of the device on which the detection occurred.

  • Rule name

    Name of the Adaptive Anomaly Control rule that made the detection.

  • Action

    Mode of the Adaptive Anomaly Control rule: Notify, Block, or Smart.

  • Source process and Source object

    The object that performed the detected actions (for example, a file that the user opened).

  • Target process and Target object

    The object on which the detected actions were performed (for example, a browser that uses a library that is loaded into the computer memory as a result of opening the file).

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.