Kaspersky Anti Targeted Attack Platform

Managing reports

Users with the Senior security officer role can use Kaspersky Anti Targeted Attack Platform to manage reports about application alerts: create report templates, create reports based on a template, view, and delete reports and report templates.

Users with the Security auditor role can view reports and report templates and create reports from templates.

The following types of reports are available:

  • General reports. Templates for these reports are available in the Reports section, Templates subsection. You can manage the generated reports in the Reports section, Generated reports subsection.

    You can manage report templates and reports in all modes of the application in accordance with your license. Reports are generated based on a selection of alerts for a specified period. If you are using

    and mode, the selection can also be based on the tenant and this tenant's servers.

  • NDR functionality reports. Available in the Reports section, Reports (NDR) subsection.

    You can manage report templates and reports if you add a KATA + NDR license key. Reports are generated based on a selection of alerts for the specified period in accordance with the data of the node on which the report is generated.

In this section

Managing common reports

Managing NDR reports

Page top
[Topic 247732][Topic 293250]

Viewing the table of templates and reports

Templates and reports are displayed in the Reports section of the application web interface window.

The Generated reports subsection contains a report table. The table contains the following information:

  • Time created—Date and time of report creation.
  • Report name—Name of the report created based on the template.
  • Period—Period for which the report was generated.
  • Servers is the name of the server with the PCN or SCN role to which the rule applies.

    This column is displayed if you are using the distributed solution and multitenancy mode.

  • Created by—Name of the user that created report.
  • State—Report state (whether the file can be downloaded).

The Templates subsection displays the table of templates. The table contains the following information:

  • Time created—Date and time when the template was created.
  • Time updated—Date and time of last modification of the template.
  • Report name—Name of the template.
  • Created by—Name of the user that created the template.

See also

Managing common reports

Creating a template

Creating a report based on a template

Viewing a report

Downloading a report to a local computer

Editing a template

Filtering templates by name

Filtering templates based on the name of the user that created the template

Filtering templates by creation time

Clearing a template filter

Deleting a template

Filtering reports by creation time

Filtering reports by name

Filtering reports by the name of the server with the Central Node component

Filtering reports based on the name of the user that created the report

Clearing a report filter

Deleting a report

Page top
[Topic 247733]

Creating a template

When creating a report template, you need to specify all the information that you want to display in the report: report name, its description, availability of a table, graph or image. You can also select the data that you want to display in the report and define the position of report elements.

When creating a report in the Reports section, Generated reports subsection of the interface, you can only select the template for creating the report and the data display period.

A new report template is created for each data sample.

To create a template:

  1. In the application web interface window, select the Reports section, Templates tab.

    This opens the table of templates.

  2. Click Add.

    This opens the template creation window. This window contains the body of the report and the report builder in a floating window. You can move the report builder over the workspace of the web interface window.

  3. In the Template name field in the upper-right corner of the window, type the name that you want to assign to reports that are created from this template. For example, Alerts by technology.

    This name is displayed in the table in the Reports section, Generated reports subsection when creating all reports in this template.

  4. In place of the Report title text, type the report name that will be displayed in a report after the report is created. If you do not want to add a report name, you can delete the Report title text and leave this report section blank.

    You can format text using the buttons in the Text section in the template builder.

  5. In place of the Report description text, type the report description that will be displayed in a report after the report is created. If you do not want to add a report description, you can delete the Report description text and leave this report section blank.

    You can format text using the buttons in the Text section in the template designer.

  6. Using the report builder, add one or more report elements:
    • Table.
    • Pie chart.
    • Image.
  7. If you chose to add an image, the Image window opens. Do the following:
    1. Click Upload.
    2. Upload the image. For example, you can upload your company logo.
    3. In the list on the right of the upload button, select the alignment of the image on the report page: Left, Right or Center.
    4. Click Apply.
  8. If you chose to add a pie chart, the Pie chart of alert attributes window opens. Do the following:
    1. In the Name field, type the name of the pie chart. For example, Top 5 alerts by technology. You can also leave the field blank.
    2. In the Data source list, select the alert property for which you want to create a pie chart. For example, Technologies.
    3. In the Number of slices field, specify the maximum number of sectors of the pie chart.

      When a report is created, the application selects the most frequently encountered data. For example, if you specified 5 sectors and want to create a pie chart by technology, the application displays a chart for the 5 technologies that generated the greatest number of alerts. Technologies that generated fewer alerts are not included in the chart.

    4. Click Apply.
  9. If you chose to add a table, the Alerts table window opens. Do the following:
    1. In the Available columns field, double-click to select the alert properties that you want to add to the report table.

      The selected properties are moved to the Selected columns field. You can drag the names of columns between the Available columns and Selected columns fields, and change the order of columns in the report table.

      For example, if you move the Technologies, Detected, and Time created properties to the Selected columns field, the table of the created report displays technologies that generated alerts, a list of detected objects, and the time when the alerts were generated.

    2. If you want to filter alerts by the State property, select the check boxes next to the processing statuses of alerts whose data you want to display in the report.
    3. If you want to filter alerts by the Technologies property, select the check boxes next to the names of application modules and components whose data you want to display in the report.
    4. If you want to filter alerts by the Importance property, select the check boxes next to the importance levels of alerts whose data you want to display in the report.
    5. If you want to filter alerts by the VIP status, select VIP in the list. Only alerts with the VIP status are displayed in the report.
    6. Click Apply.
  10. Click the Save button in the upper-right corner of the window.

A new template will be created.

Users with the Security auditor and Security officer roles cannot create report templates.

See also

Managing common reports

Viewing the table of templates and reports

Creating a report based on a template

Viewing a report

Downloading a report to a local computer

Editing a template

Filtering templates by name

Filtering templates based on the name of the user that created the template

Filtering templates by creation time

Clearing a template filter

Deleting a template

Filtering reports by creation time

Filtering reports by name

Filtering reports by the name of the server with the Central Node component

Filtering reports based on the name of the user that created the report

Clearing a report filter

Deleting a report

Page top
[Topic 247734]

Creating a report based on a template

To create a report based on a template:

  1. In the window of the program web interface, select the Reports section, Generated reports subsection.

    This opens the table of reports.

  2. Click Add.

    This opens the New report window.

  3. Do the following:
    1. In the Template drop-down list, select one of the templates for creating a report.
    2. Under Period, select one of the following options:
      • Last hour if you want the report to contain information about application operation during the last hour.
      • Last day if you want the report to contain information about application operation during the last day.
      • Last 7 days if you want the report to contain information about application operation during the last week.
      • Last 30 days, if you want the report to contain information about system operation during the last month.
      • Custom, if you want the report to contain information about system operation during the period you specify.
  4. If you have selected the Custom display period for information about application operation:
    1. In the calendar that opens, specify the start and end dates of the period for which the report will be generated.
    2. Click Apply.
  5. If you are using distributed solution and multitenancy mode, in the Servers settings group, select the check boxes next to the tenants and servers whose data you want to include in the report.
  6. Click Create.

The created report is displayed in the table of reports. You can download the report for viewing on your computer.

Users with the Security officer role cannot create report templates.

See also

Managing common reports

Viewing the table of templates and reports

Creating a template

Viewing a report

Downloading a report to a local computer

Editing a template

Filtering templates by name

Filtering templates based on the name of the user that created the template

Filtering templates by creation time

Clearing a template filter

Deleting a template

Filtering reports by creation time

Filtering reports by name

Filtering reports by the name of the server with the Central Node component

Filtering reports based on the name of the user that created the report

Clearing a report filter

Deleting a report

Page top
[Topic 247735][Topic 247736]

Downloading a report to a local computer

To download a report to your computer:

  1. In the window of the program web interface, select the Reports section, Generated reports subsection.

    This opens the table of reports.

  2. In the line containing the report that you want to view, click the kata_icon_report_download icon.

    The report is saved in HTML format to your local computer in the browser's downloads folder.

    To view a report, you can use any application that lets you view HTML files (for example, a browser).

See also

Managing common reports

Viewing the table of templates and reports

Creating a template

Creating a report based on a template

Viewing a report

Editing a template

Filtering templates by name

Filtering templates based on the name of the user that created the template

Filtering templates by creation time

Clearing a template filter

Deleting a template

Filtering reports by creation time

Filtering reports by name

Filtering reports by the name of the server with the Central Node component

Filtering reports based on the name of the user that created the report

Clearing a report filter

Deleting a report

Page top
[Topic 247743]

Editing a template

To edit a template:

  1. In the application web interface window, select the Reports section, Templates tab.
  2. This opens the table of templates. Select the template that you want to edit.

    This opens the template editing window.

  3. You can edit the following settings:
    • Template name is the report name that is displayed in the table in the Reports section, Generated reports subsection when creating all reports based on this template.
    • Report title is the report name that is displayed in the report after the report is created.

      You can format text using the buttons in the Text section in the template builder.

    • Report description is the report description that is displayed in a report after the report is created.

      You can format text using the buttons in the Text section in the template builder.

    • Image. You can upload or delete an image.
    • Pie chart. You can change the following pie chart settings:
      • Name.
      • Data source.
      • Number of slices.

      Click Apply.

    • Table. You can change the following table settings:
      • Selected columns. You can drag the names of columns between the Available columns and Selected columns fields, and change the order of columns in the report table.
      • State.
      • Technologies.
      • Importance.
      • VIP status.
  4. Select one of the following methods to save the template:
    • If you want to apply changes to the current template, click the Save button.

      The template is modified.

    • If you want to create a new template, enter a name for the template and click Save as.

      The name of the new template must not be the same as the name of an already existing template.

      The new template will be saved.

Users with the Security auditor and Security officer roles cannot edit templates.

See also

Managing common reports

Viewing the table of templates and reports

Creating a template

Creating a report based on a template

Viewing a report

Downloading a report to a local computer

Filtering templates by name

Filtering templates based on the name of the user that created the template

Filtering templates by creation time

Clearing a template filter

Deleting a template

Filtering reports by creation time

Filtering reports by name

Filtering reports by the name of the server with the Central Node component

Filtering reports based on the name of the user that created the report

Clearing a report filter

Deleting a report

Page top
[Topic 247744]

Filtering templates by name

To filter templates by name:

  1. In the application web interface window, select the Reports section, Templates tab.
  2. This opens the table of templates. Click the Report name link to open the template filtering menu.
  3. In the drop-down list, select one of the following template filtering operators:
    • Contain
    • Not contain
  4. Enter one or several characters of the template name.
  5. If you want to add a filtering criterion to the filter, click the Apt_icon_alerts_add_filter button under the list of filtering operators and repeat the sequence for specifying filtering criteria.
  6. Click Apply.

The table of templates will display only templates that match the filter criteria you have set.

See also

Managing common reports

Viewing the table of templates and reports

Creating a template

Creating a report based on a template

Viewing a report

Downloading a report to a local computer

Editing a template

Filtering templates based on the name of the user that created the template

Filtering templates by creation time

Clearing a template filter

Deleting a template

Filtering reports by creation time

Filtering reports by name

Filtering reports by the name of the server with the Central Node component

Filtering reports based on the name of the user that created the report

Clearing a report filter

Deleting a report

Page top
[Topic 247746]

Filtering templates based on the name of the user that created the template

To filter templates by the name of the user that created the template:

  1. In the application web interface window, select the Reports section, Templates tab.
  2. This opens the table of templates. Click the Created by link to open the menu for filtering templates.
  3. In the drop-down list, select one of the following template filtering operators:
    • Contain
    • Not contain
  4. Enter one or several characters of the user name.
  5. If you want to add a filtering criterion to the filter, click the Apt_icon_alerts_add_filter button under the list of filtering operators and repeat the sequence for specifying filtering criteria.
  6. Click Apply.

The table of templates will display only templates that match the filter criteria you have set.

See also

Managing common reports

Viewing the table of templates and reports

Creating a template

Creating a report based on a template

Viewing a report

Downloading a report to a local computer

Editing a template

Filtering templates by name

Filtering templates by creation time

Clearing a template filter

Deleting a template

Filtering reports by creation time

Filtering reports by name

Filtering reports by the name of the server with the Central Node component

Filtering reports based on the name of the user that created the report

Clearing a report filter

Deleting a report

Page top
[Topic 247748]

Filtering templates by creation time

To filter report templates by creation time:

  1. In the application web interface window, select the Reports section, Templates tab.
  2. This opens the table of templates. Click the Time created link to open the menu for filtering templates.
  3. Select one of the following template display periods:
    • All if you want the application to display all created templates in the table.
    • Last hour if you want the application to display the templates that were created during the last hour in the table.
    • Last day if you want the application to display the templates that were created during the last day in the table.
    • Custom range if you want the application to display templates that were created during the period you specify in the table.
  4. If you have selected the Custom range template display period:
    1. This opens the calendar; in the calendar, specify the start and end dates of the template display period.
    2. Click Apply.

The table of templates will display only templates that match the filter criteria you have set.

See also

Managing common reports

Viewing the table of templates and reports

Creating a template

Creating a report based on a template

Viewing a report

Downloading a report to a local computer

Editing a template

Filtering templates by name

Filtering templates based on the name of the user that created the template

Clearing a template filter

Deleting a template

Filtering reports by creation time

Filtering reports by name

Filtering reports by the name of the server with the Central Node component

Filtering reports based on the name of the user that created the report

Clearing a report filter

Deleting a report

Page top
[Topic 247745]

Clearing a template filter

To clear the template filter for one or more filtering criteria:

  1. In the application web interface window, select the Reports section, Templates tab.
  2. This opens the table of templates. Click Delete to the right of the header of the column of the template table for which you want to clear the filter conditions.

    If you want to clear several filter conditions, perform the necessary actions to clear each filter condition.

The selected filters are cleared.

The table of templates will display only templates that match the filter criteria you have set.

See also

Managing common reports

Viewing the table of templates and reports

Creating a template

Creating a report based on a template

Viewing a report

Downloading a report to a local computer

Editing a template

Filtering templates by name

Filtering templates based on the name of the user that created the template

Filtering templates by creation time

Deleting a template

Filtering reports by creation time

Filtering reports by name

Filtering reports by the name of the server with the Central Node component

Filtering reports based on the name of the user that created the report

Clearing a report filter

Deleting a report

Page top
[Topic 247749]

Deleting a template

To delete a template:

  1. In the application web interface window, select the Reports section, Templates tab.
  2. This opens the table of templates. Select the check box in the line containing the template that you want to delete.
  3. Click Delete.

    This opens the action confirmation window.

  4. Click Yes.

The template that you selected will be deleted.

Users with the Security auditor and Security officer roles cannot delete templates.

See also

Managing common reports

Viewing the table of templates and reports

Creating a template

Creating a report based on a template

Viewing a report

Downloading a report to a local computer

Editing a template

Filtering templates by name

Filtering templates based on the name of the user that created the template

Filtering templates by creation time

Clearing a template filter

Filtering reports by creation time

Filtering reports by name

Filtering reports by the name of the server with the Central Node component

Filtering reports based on the name of the user that created the report

Clearing a report filter

Deleting a report

Page top
[Topic 247750]

Filtering reports by creation time

To filter reports by creation time:

  1. In the window of the program web interface, select the Reports section, Generated reports subsection.

    This opens the table of reports.

  2. Click the Time created link to open the report filtering menu.
  3. Select one of the following report display periods:
    • All if you want the application to display all created reports in the table.
    • Last hour if you want the application to display the reports that were created during the last hour in the table.
    • Last day if you want the application to display the reports that were created during the last day in the table.
    • Custom range if you want the application to display reports that were created during the period you specify in the table.
  4. If you have selected the Custom range report display period:
    1. In the calendar that opens, specify the start and end dates of the report display period.
    2. Click Apply.

The table of reports will display only reports that match the filter criteria you have set.

See also

Managing common reports

Viewing the table of templates and reports

Creating a template

Creating a report based on a template

Viewing a report

Downloading a report to a local computer

Editing a template

Filtering templates by name

Filtering templates based on the name of the user that created the template

Filtering templates by creation time

Clearing a template filter

Deleting a template

Filtering reports by name

Filtering reports by the name of the server with the Central Node component

Filtering reports based on the name of the user that created the report

Clearing a report filter

Deleting a report

Page top
[Topic 247597]

Filtering reports by name

To filter reports by name:

  1. In the window of the program web interface, select the Reports section, Generated reports subsection.

    This opens the table of reports.

  2. Click the Report name link to open the report filtering menu.
  3. In the drop-down list, select one of the following report filtering operators:
    • Contain
    • Not contain
  4. In the text box, enter one or more characters of the report name.
  5. If you want to add a filtering criterion to the filter, click the Apt_icon_alerts_add_filter button under the list of filtering operators and repeat the sequence for specifying filtering criteria.
  6. Click Apply.

The table of reports will display only reports that match the filter criteria you have set.

See also

Managing common reports

Viewing the table of templates and reports

Creating a template

Creating a report based on a template

Viewing a report

Downloading a report to a local computer

Editing a template

Filtering templates by name

Filtering templates based on the name of the user that created the template

Filtering templates by creation time

Clearing a template filter

Deleting a template

Filtering reports by creation time

Filtering reports by the name of the server with the Central Node component

Filtering reports based on the name of the user that created the report

Clearing a report filter

Deleting a report

Page top
[Topic 247598]

Filtering reports by the name of the server with the Central Node component

To filter reports by the name of the server with the Central Node component:

  1. In the window of the program web interface, select the Reports section, Generated reports subsection.

    This opens the table of reports.

  2. Click the Servers link to open the report filtering menu.
  3. Select the check boxes opposite those servers by which you want to filter reports.
  4. Click Apply.

The table of reports will display only reports that match the filter criteria you have set.

See also

Managing common reports

Viewing the table of templates and reports

Creating a template

Creating a report based on a template

Viewing a report

Downloading a report to a local computer

Editing a template

Filtering templates by name

Filtering templates based on the name of the user that created the template

Filtering templates by creation time

Clearing a template filter

Deleting a template

Filtering reports by creation time

Filtering reports by name

Filtering reports based on the name of the user that created the report

Clearing a report filter

Deleting a report

Page top
[Topic 247600]

Filtering reports based on the name of the user that created the report

To filter reports by the name of the user that created the report:

  1. In the window of the program web interface, select the Reports section, Generated reports subsection.

    This opens the table of reports.

  2. Click the Created by link to open the report filtering menu.
  3. In the drop-down list, select one of the following report filtering operators:
    • Contain
    • Not contain
  4. Enter one or several characters of the user name.
  5. If you want to add a filtering criterion to the filter, click the Apt_icon_alerts_add_filter button under the list of filtering operators and repeat the sequence for specifying filtering criteria.

The table of reports will display only reports that match the filter criteria you have set.

See also

Managing common reports

Viewing the table of templates and reports

Creating a template

Creating a report based on a template

Viewing a report

Downloading a report to a local computer

Editing a template

Filtering templates by name

Filtering templates based on the name of the user that created the template

Filtering templates by creation time

Clearing a template filter

Deleting a template

Filtering reports by creation time

Filtering reports by name

Filtering reports by the name of the server with the Central Node component

Clearing a report filter

Deleting a report

Page top
[Topic 247599]

Clearing a report filter

To clear the report filter for one or more filtering criteria:

  1. In the window of the program web interface, select the Reports section, Generated reports subsection.

    This opens the table of reports.

  2. Click Delete to the right of the header of the column of the reports table for which you want to clear the filter conditions.

    If you want to clear several filter conditions, perform the necessary actions to clear each filter condition.

The selected filters are cleared.

The table of reports will display only reports that match the filter criteria you have set.

See also

Managing common reports

Viewing the table of templates and reports

Creating a template

Creating a report based on a template

Viewing a report

Downloading a report to a local computer

Editing a template

Filtering templates by name

Filtering templates based on the name of the user that created the template

Filtering templates by creation time

Clearing a template filter

Deleting a template

Filtering reports by creation time

Filtering reports by name

Filtering reports by the name of the server with the Central Node component

Filtering reports based on the name of the user that created the report

Deleting a report

Page top
[Topic 247751]

Deleting a report

To delete an application operation report:

  1. In the window of the program web interface, select the Reports section, Generated reports subsection.

    This opens the table of reports.

  2. Select the check box in the line containing the report that you want to delete.
  3. Click Delete.

    This opens the action confirmation window.

  4. Click Yes.

The selected report will be deleted.

Users with the Security auditor and Security officer roles cannot delete reports.

See also

Managing common reports

Viewing the table of templates and reports

Creating a template

Creating a report based on a template

Viewing a report

Downloading a report to a local computer

Editing a template

Filtering templates by name

Filtering templates based on the name of the user that created the template

Filtering templates by creation time

Clearing a template filter

Deleting a template

Filtering reports by creation time

Filtering reports by name

Filtering reports by the name of the server with the Central Node component

Filtering reports based on the name of the user that created the report

Clearing a report filter

Page top
[Topic 247752]

Managing NDR reports

You can use Kaspersky Anti Targeted Attack Platform to get reports with various information saved by the application. Kaspersky Anti Targeted Attack Platform generates reports as PDF files. The application can send report files to email addresses.

You can view information about generated reports and export them to files in the Reports section, Reports (NDR) subsection, Generated reports tab.

The following types of NDR report templates are possible:

  • System templates, created automatically during application installation. In the table of report templates, system templates are displayed with the Shield icon. icon. You cannot delete system templates.

    Kaspersky Anti Targeted Attack Platform supports the following system report templates:

    • Inventory report.

      Contains information about devices and system commands, as well as protocols used and detected risks on devices.

    • System security report.

      Contains information about the security status of devices, registered events, detected risks, and interactions with devices on external networks.

    • Executive summary.

      Contains brief information about devices and the security status of the system.

    • Full report.

      Contains complete information about devices and the security status of the system.

  • Custom templates, created manually by duplicating templates. You can duplicate system or custom templates. Only users with the Senior security officer role can duplicate report templates.

Information in reports is presented as separate information blocks. Each Kaspersky Anti Targeted Attack Platform report includes a fixed set of information blocks, which are arranged in a fixed order. Information blocks used in reports and their descriptions are listed in the table below.

Using information blocks in reports

Name of the information block

Inventory report

System security report

Executive summary

Full report

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Dash meaning the item is not present.

Check mark meaning the item is present.

Check mark meaning the item is present.

Check mark meaning the item is present.

In this section

Viewing the table of NDR report templates

Viewing NDR report template details

Viewing the table of NDR reports

Manually generating an NDR report based on a template

Duplicating an NDR report template

Editing an NDR report template

Exporting an NDR report to a file

Deleting an NDR report template

Deleting an NDR report

Canceling NDR report generation

Managing the settings for storing report files

Page top
[Topic 236181]

Viewing the table of NDR report templates

You can view the table of report templates in the web interface of the application, in the Reports section, Reports (NDR) subsection, on the Report templates tab.

Report template settings are displayed in the following columns of the table:

  • Name.

    Report template name. The Shield icon. icon is displayed next to the names of system report templates.

  • Schedule.

    Information about the schedule used by Kaspersky Anti Targeted Attack Platform to automatically generate a report based on the template. Schedule information is displayed if a user with the Senior security officer role configured a schedule in the report template. If the schedule is not configured, the column displays Disabled.

  • Type/use.

    Name of the user who last modified the report template. System is displayed for system templates that have default settings.

  • Last report.

    Time when the last report was generated based on the report template.

  • Destinations.

    Icon signifying that email report recipients are configured. The following icons have the following meanings:

    • Green envelope icon. – report recipients are defined.
    • Yellow envelope icon. – report recipients are not defined.
Page top
[Topic 236182]

Viewing NDR report template details

To view report template information:

In the Reports section, Reports (NDR) subsection, on the Report templates tab, select the relevant template.

The details area is displayed in the right part of the web interface window. The details area displays all specified details.

Details of the report template include the following fields:

  • Name is the name of the report template.
  • Type/user is the name of the user that last modified the report template. System is displayed for system templates that have default settings.
  • Period is the time period covered by the report that Kaspersky Anti Targeted Attack Platform generates based on the template.
  • Modified is the time when the most recent change to the template was made.
  • Last report is the time when the last report was generated based on the template.
  • Next start (local time) is the time when the next report generation based on the template will start. This setting is displayed if a schedule is configured for the report template.
  • Schedule displays information about the schedule used by Kaspersky Anti Targeted Attack Platform to automatically generate a report based on the template. This setting is displayed if a schedule is configured for the report template.

Recipient addresses are email addresses to which Kaspersky Anti Targeted Attack Platform sends the generated reports. This setting is displayed if recipient addresses are configured for the report template.

Page top
[Topic 236183]

Viewing the table of NDR reports

You can view the table of reports in the web interface of the application, in the Reports section, Reports (NDR) subsection, on the Generated reports tab.

Report settings are displayed in the following columns of the table:

  • ID.

    Unique ID of the report.

  • Report name.

    Name of the generated report.

  • Template name.

    Name of the template used to generate the report.

  • Start.

    Date and time when the report generation started.

  • Status.

    Status of the report. A report can have one of the following statuses:

    Hourglass icon. Pending. The report is queued for generation. A report can have the Pending status when multiple reports are generated at the same time.

    Playback icon (arrow to the right). In progress. The report is being generated.

    Exclamation mark on red background icon. Error. An error occurred while generating the report.

    Check mark on green background icon. Done. The report is successfully generated.

    White horizontal bar in yellow circle icon. Canceling. Report generation is being canceled.

    Gray X icon. Canceled. Report generation has been canceled.

  • User.

    Name of the user that initiated the generation of the report or configured the schedule for running the report based on a template.

  • Run type.

    Report generation type: manual or scheduled.

  • Completed.

    Date and time when the report generation ended.

Page top
[Topic 236186]

Manually generating an NDR report based on a template

You can manually start generating a report based on a template.

To start report generation:

  1. Select the Reports section, then the Reports (NDR) subsection.
  2. On the Report templates tab, select one or more templates that you want to use to generate reports.

    When multiple templates are selected, the application generates reports based on these templates simultaneously. You can select up to 10 templates.

  3. In the toolbar above the table of report templates, click Get reports.

    Kaspersky Anti Targeted Attack Platform starts generating the report.

You will be taken to the Generated reports tab, which displays the status of the reports being generated. After the reports are generated, Kaspersky Anti Targeted Attack Platform sends report files in PDF format to the email addresses specified in the report template. If an email address is not defined in the report template, you can individually export generated reports to files manually on the Generated reports tab. The maximum size of a report file is 10 MB.

If necessary, you can cancel the generation of the report.

Page top
[Topic 236184]

Duplicating an NDR report template

You can create custom templates by duplicating existing report templates. You can duplicate system templates or custom templates. When duplicating a template, you cannot choose which information blocks to include in the report or rearrange them.

The maximum number of templates in the application is 5000.

To duplicate a report template:

  1. Select the Reports section, then the Reports (NDR) subsection.
  2. On the Report templates tab, select the relevant template.

    The details area is displayed in the right part of the web interface window.

  3. Click Create new template.
  4. In the Name field, edit the name of the report template.

    You can use Latin and Cyrillic letters, numerals, the space character, as well as -, –, _ characters.

    The name of the report template must satisfy the following requirements:

    • Does not reuse the name of another report template (case-insensitive).
    • Contains up to 100 characters.

    Names of reports generated from the updated template will reflect the new name of the template.

  5. In the Data period drop-down list, select the time period for which you want to get system information in the report.

    You can generate reports with information received by the application within the last 24 hours, 7 days, 30 days, the last year, or a manually configured time frame.

  6. If you need to generate reports on a schedule, turn on the Generate report by schedule toggle switch and set up a schedule:
    1. In the Frequency drop-down list, select how often you want to generate the report: Hourly, Daily, Weekly, or Monthly.
    2. Depending on the selected option, specify the values for the settings to refine the report generation start time.
  7. If necessary, use the Recipient addresses field to enter the email address to which you want to send the generated reports. If you need to specify additional recipients of the report, click Add recipient address and enter the email address.

    The maximum number of report recipients is 20.

  8. Click Save.

The new report is added to the table of report templates.

Page top
[Topic 236338]

Editing an NDR report template

To edit the settings of a report template:

  1. Select the Reports section, then the Reports (NDR) subsection.
  2. On the Report templates tab, select the relevant template.

    The details area is displayed in the right part of the web interface window.

  3. Click Edit.
  4. In the Name field, edit the name of the report template.

    You can use Latin and Cyrillic letters, numerals, the space character, as well as -, –, _ characters.

    The name of the report template must satisfy the following requirements:

    • Does not reuse the name of another report template (case-insensitive).
    • Contains up to 100 characters.

    Names of reports generated from the updated template will reflect the new name of the template.

  5. In the Data period drop-down list, select the time period for which you want to get system information in the report.

    You can generate reports with information received by the application within the last 24 hours, 7 days, 30 days, the last year, or a manually configured time frame.

  6. If you need to generate reports on a schedule, turn on the Generate report by schedule toggle switch and set up a schedule:
    1. In the Frequency drop-down list, select how often you want to generate the report: Hourly, Daily, Weekly, or Monthly.
    2. Depending on the selected option, specify the values for the settings to refine the report generation start time.
  7. If necessary, use the Recipient addresses field to enter the email address to which you want to send the generated reports. If you need to specify additional recipients of the report, click Add recipient address and enter the email address.

    The maximum number of report recipients is 20.

  8. Click Save.

The changes are displayed in the corresponding columns of the table of report templates.

Page top
[Topic 236337]

Exporting an NDR report to a file

You can export the generated report to a PDF file.

To export a report to a file:

  1. In the Reports section, select the Reports (NDR) subsection.
  2. On the Generated reports tab, select the relevant report.

    The reports are filtered by the IDs of the reports that were started last in the current Server connection session. To display all generated reports, reset the filter settings by clicking Default filter. If necessary, you can configure filtering by a time period of your choice.

    The details area is displayed in the right part of the web interface window.

  3. Click Export.

The browser save the report file. By default, the report file has a name in the <report name>_<date and time when the report was generated> format. Depending on your browser's settings, a window may be displayed on your screen in which you can specify the path and name of the downloaded file.

Page top
[Topic 236187]

Deleting an NDR report template

Only custom report templates can be deleted.

To delete a report template:

  1. Select the Reports section, then the Reports (NDR) subsection.
  2. On the Report templates tab, select one or more report templates that you want to delete.
  3. Click Delete.

    System templates cannot be deleted. In the table of report templates, system templates are displayed with the Shield icon. icon.

  4. In the displayed prompt window, confirm the deletion of report templates.
Page top
[Topic 236398]

Deleting an NDR report

To delete a report:

  1. Select the Reports section, then the Reports (NDR) subsection.
  2. On the Generated reports tab, select one or more reports that you want to delete.

    The reports in the table of reports are filtered by the IDs of the reports that were started last in the current Server connection session. To display all generated reports, reset the filter settings by clicking Default filter. If necessary, you can configure filtering by a time period of your choice.

    The details area is displayed in the right part of the web interface window.

  3. Click Delete.
  4. In the displayed prompt window, confirm the deletion of the report.
Page top
[Topic 236339]

Canceling NDR report generation

You can cancel report generation only for a report with the In progress status.

To cancel report generation:

  1. Select the Reports section, then the Reports (NDR) subsection.
  2. On the Generated reports tab, select the report with the In progress status that you want to cancel.

    The details area is displayed in the right part of the web interface window.

  3. Click Cancel.
  4. In the displayed prompt window, confirm the cancellation of the report.

After this request is completed, the report status changes to Canceled.

See also

Viewing the table of NDR reports

Page top
[Topic 236340]

Managing the settings for storing report files

You can change the maximum total size limit for stored report files.

To edit report file storage settings:

  1. Log in to the web interface with the application administrator account.
  2. Select the Sensor servers section.
  3. Select the card of the local host (IP address 0.0.0.0).

    The details area is displayed in the right part of the web interface window.

  4. Click Edit.

    In the details area, tabs are displayed, on which you can manage the settings of the server.

  5. On the General tab, under Reports, use the Max volume setting to set a size limit for the stored report files.

    You can select the unit of measure for the size limit: MB or GB.

    When editing the value, you also need to take into account that the sum total of all size limits may not exceed the specified maximum storage capacity for the node.

  6. If necessary, use the Storage time (days) setting to limit the storage duration of report files, and specify the duration in days.
  7. Click Save.
Page top
[Topic 238497]