Kaspersky Anti Targeted Attack Platform

Filtering links

This section contains instructions on how to filter links.

In this section

Filtering links by severity score

Filtering links by communication protocol

Filtering links by OSI model layer


Filtering links by severity score

To filter links on the network interactions map by their severity scores:

  1. In the toolbar above the network interactions map, open the Scores of links drop-down list.

    A list of event severity levels and ranges is displayed: Low (0.0–3.9), Medium (4.0–7.9), High (8.0–10.0); as well as the No events item, which lets you filter links that have no registered events.

  2. In the drop-down list, select the check boxes for the severity levels by which you want to filter.
  3. Click OK.

The network interactions map displays only links that have associated events with the selected severity levels.


Filtering links by communication protocol

To filter links on the network interactions map by protocol:

  1. In the toolbar above the network interactions map, open the Protocols drop-down list.

    This opens a window with a table of protocols displayed as a protocol stack tree. You can control the display of tree nodes using the + and - buttons next to the names of protocols that encompass protocols of the next tiers.

    The table columns contain the following information:

    • Protocol is the name of the protocol in the protocol stack tree.
    • EtherType is the number of the next-layer protocol encapsulated by the Ethernet protocol (if the protocol has a specified number). Displayed in decimal format.
    • IP number is the number of the next-layer protocol encapsulated by the IP protocol (if the protocol has a specified number). Specified only for protocols that are part of the IP protocol structure. Displayed in decimal format.
  2. If necessary, use the search bar above the table to find the protocols that you need.
  3. In the list of protocols, select check boxes for protocols that you want to use in search conditions.

    If you select or clear the check box for a protocol that contains nested protocols, check boxes are also automatically selected or cleared for all nested protocols.

  4. Click OK.

Only links that used the selected protocols are displayed on the network interactions map.


Filtering links by OSI model layer

You can filter links by interaction layers that correspond to the layers of the Open Systems Interconnection (OSI) network protocol stack.

To filter links on the network interactions map by OSI model layers:

  1. In the toolbar above the network interactions map, open the OSI model layers drop-down list.

    A list of OSI model layer names is displayed:

    • Data Link. This layer includes connections that used MAC addresses to communicate with devices.
    • Network. This layer includes connections that used IP addresses to communicate with devices.
  2. In the drop-down list, select check boxes for OSI model layers that you want to use as a filtering condition for links displayed on the network interactions map.
  3. Click OK.

Only links that belong to the selected OSI model layers are displayed on the network interactions map.
