Network attack report

25 March 2022

ID 57678

The network attack report contains information about registered network attacks targeting the protected virtual machines and about suspicious network activity detection that may be a sign of an intrusion into the protected infrastructure.

By default, the template of the network attack report is not included in the list of report templates on the Reports tab. Use the Report Template Wizard to add a network attack report template to the list of templates (see the Kaspersky Security Center documentation for details). After the Wizard finishes, the newly created report template will be added to the list on the Reports tab.

The Period field displays the period of time covered by the data included in the report.

The report contains the following consolidated information for each type of network attack or suspicious network activity:

  • Attack. The type of network attack or suspicious network activity.
  • Attacks count. The number of registered network attacks or suspicious network activities of this type.
  • Attacking addresses. The number of IP addresses from which network attacks have been registered or which showed the suspicious network activity of this type.
  • Devices attacked. The number of protected virtual machines whose traffic displayed activity typical of network attacks or suspicious network activity of this type.
  • Groups attacked. Kaspersky Security always displays 1 in this field, because all protected virtual machines are assigned to one "pseudohosts" conditional group. The "pseudohosts" group does not belong to administration groups and is not displayed in the Kaspersky Security Center Administration Console. Protected virtual machines cannot belong to administration groups, because they are not considered client devices of Kaspersky Security Center.
  • First detection. The date and time of the first detection of the activity typical of network attacks or suspicious network activity of this type.
  • Last detection. The date and time of the last detection of the activity typical of network attacks or suspicious network activity of this type.

    The row below contains the following consolidated information:

    • Attacks count. The number of registered network attacks or suspicious network activities of all types.
    • Various attacks. The number of types of registered network attacks or suspicious network activities.
    • Attack IPs. The total number of IP addresses from which network attacks have been registered or which showed the suspicious network activity.
    • Devices attacked. The total number of protected virtual machines whose traffic displayed activity typical of network attacks or suspicious network activity.
    • Groups attacked. Kaspersky Security always displays 1 in this field, because all protected virtual machines are assigned to one "pseudohosts" conditional group. The "pseudohosts" group does not belong to administration groups and is not displayed in the Kaspersky Security Center Administration Console. Protected virtual machines cannot belong to administration groups, because they are not considered client devices of Kaspersky Security Center.
    • First detection time. The date and time of the first detection of the activity typical of network attacks or suspicious network activity of all types.
    • Last detection time. The date and time of the last detection of the activity typical of network attacks or suspicious network activity of all types.

The report contains the following detailed information on each detection of the activity typical of network attacks or suspicious network activity:

  • Group. Kaspersky Security always displays pseudohosts in this field, because all protected virtual machines are assigned to one "pseudohosts" conditional group. Protected virtual machines cannot belong to administration groups, because they are not considered client devices of Kaspersky Security Center.
  • Device. The name of the protected virtual machine in whose traffic the network attack or suspicious network activity was registered.
  • Attacking address. The IP address from which the network attack was registered or which showed the suspicious network activity.
  • Attack time. The date and time of the network attack or suspicious network activity detection.
  • Attack. The type of network attack or suspicious network activity.
  • Protocol. The connection protocol in which the network attack or suspicious network activity was detected.
  • Port. The number of the port targeted by the network attack or which showed the suspicious network activity.
  • Visible. The date and time of the last event associated with the protected virtual machine in whose traffic the network attack or suspicious network activity was registered.
  • IP address. The IP address of the protected virtual machine in whose traffic the network attack or suspicious network activity was registered.
  • NetBIOS name, DNS name. The name of the protected virtual machine in whose traffic the network attack or suspicious network activity was registered, and the path to the virtual machine in the virtual infrastructure.
  • Version number. The version number of the Network Threat Detection component of Kaspersky Security.
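
How the consolidated rows relate to the detailed rows, as an added example that is not part of the original documentation: the Python below rebuilds the per-type rows and the totals row from constructed detail records. The field names come from this page; the record layout, the attack-type labels and the assumption that addresses and devices are counted as distinct values are illustrative and do not represent Kaspersky Security Center's export format.

```python
from collections import defaultdict
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
FIELDS = ("Device", "Attacking address", "Attack time", "Attack", "Protocol", "Port")
# Constructed sample detail rows (documentation address ranges, made-up labels).
ROWS = [dict(zip(FIELDS, r)) for r in [
    ("vm-web-01", "203.0.113.10", "2022-03-20 08:15:00", "ExampleScan", "TCP", 22),
    ("vm-web-01", "203.0.113.10", "2022-03-20 08:16:30", "ExampleScan", "TCP", 3389),
    ("vm-db-01", "203.0.113.10", "2022-03-21 11:00:00", "ExampleBruteforce", "TCP", 3389),
    ("vm-db-01", "198.51.100.7", "2022-03-22 23:59:59", "ExampleBruteforce", "TCP", 3389),
    ("vm-web-01", "198.51.100.7", "2022-03-19 02:00:00", "ExampleScan", "TCP", 80),
]]

def _span(rows):
    """Return (first, last) detection time, or (None, None) for no rows."""
    times = [datetime.strptime(r["Attack time"], FMT) for r in rows]
    return (min(times), max(times)) if times else (None, None)

def summarize(rows):
    """One consolidated row per attack type."""
    by_type = defaultdict(list)
    for r in rows:
        by_type[r["Attack"]].append(r)
    out = {}
    for attack, hits in by_type.items():
        first, last = _span(hits)
        out[attack] = {
            "Attacks count": len(hits),
            "Attacking addresses": len({h["Attacking address"] for h in hits}),
            "Devices attacked": len({h["Device"] for h in hits}),
            "Groups attacked": 1,  # always 1: the single "pseudohosts" group
            "First detection": first, "Last detection": last,
        }
    return out

def totals(rows):
    """The row below the per-type rows, covering all attack types."""
    first, last = _span(rows)
    return {
        "Attacks count": len(rows),
        "Various attacks": len({r["Attack"] for r in rows}),
        # Assumption: distinct values, so this is not the sum of per-type counts.
        "Attack IPs": len({r["Attacking address"] for r in rows}),
        "Devices attacked": len({r["Device"] for r in rows}),
        "Groups attacked": 1,
        "First detection time": first, "Last detection time": last,
    }
```

With the sample rows, each attack type reports two attacking addresses, yet the totals row also reports two, because the same two addresses appear under both types.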
