Kaspersky Next XDR Expert
1.1.9

Contents

Preconfigured dashboard layouts

KUMA comes with a set of predefined layouts: The default refresh period for predefined layouts is Never. You can edit these layouts as needed.

Predefined layouts

Layout name

Description of widgets in the layout

Network Overview
  • Netflow top internal IPs—total volume of netflow traffic received by the asset, in bytes. The data is grouped by internal IP addresses of assets.
  • The widget displays up to 10 IP addresses.
  • Netflow top external IPs—total volume of netflow traffic received by the asset, in bytes. The data is grouped by external IP addresses of assets.
  • Netflow top hosts for remote control—number of events associated with access attempts to one of the following ports: 3389, 22, 135. The data is grouped by asset name.
  • Netflow total bytes by internal ports—number of bytes sent to internal ports of assets. The data is grouped by port number.
  • Top Log Sources by Events count—top 10 sources from which the greatest number of events was received.

[OOTB] KATA & EDR
  • KATA. Top-10 detections by type — visualizes the 10 most common types of events detected by the KATA solution.
  • KATA. Top-10 detections by file type — visualizes the 10 most common file types detected by the KATA solution.
  • KATA. Top-10 user names in detections — visualizes the 10 most common user names detected by the KATA solution.
  • KATA. Top-10 IDS detections — visualizes the 10 most common threats detected by the IDS module of the KATA solution.
  • KATA. Top-10 URL detections — visualizes the 10 most common suspicious URLs detected by the KATA solution.
  • KATA. Top-10 AV detections — visualizes the 10 most common threats detected by the KATA anti-virus module.
  • EDR. Top-10 MITRE technique detections — visualizes the 10 most common MITRE matrix techniques detected by the EDR solution.
  • EDR. Top-10 MITRE tactic detections — visualizes the 10 most common MITRE matrix tactics detected by the EDR solution.

[OOTB] KSC
  • KSC. Top-10 users with the most KAV alerts — visualizes the 10 most common user names present in events related to the detection of malicious software, information about which is contained in the Kaspersky Security Center application.
  • KSC. Top-10 most common threats — visualizes the 10 most common types of malware, information about which is contained in the Kaspersky Security Center application.
  • KSC. Number of devices that received AV database updates — visualizes the number of devices on which anti-virus database updates have been installed, information about which is contained in the Kaspersky Security Center application.
  • KSC. Number of devices on which the virus was found — visualizes the number of devices on which malware was detected, information about which is contained in the Kaspersky Security Center application.
  • KSC. Malware detections by hour — visualizes the distribution of the number of malware per hour, information about which is contained in the Kaspersky Security Center application.

[OOTB] KSMG
  • KSMG. Top-10 senders of blocked emails — visualizes the 10 most common senders of email messages blocked by the KSMG solution.
  • KSMG. Top-10 events by action — visualizes the 10 most common actions performed by the KSMG solution.
  • KSMG. Top-10 events by outcome — visualizes the 10 most common results of actions performed by the KSMG solution.
  • KSMG. Blocked emails by hour — visualizes the distribution of the number of email messages blocked by the KSMG solution, by hour.

[OOTB] KWTS
  • KWTS. Top-10 IP addresses with the most blocked web traffic — visualizes the 10 most common IP addresses from which traffic blocked by the KWTS solution originated.
  • KWTS. Top-10 IP addresses with the most allowed web traffic — visualizes the 10 most common IP addresses from which traffic allowed by the KWTS solution originated.
  • KWTS. Top 10 requests by client application — visualizes the 10 most common applications used to gain access to network resources, as detected by the KWTS solution.
  • KWTS. Top-10 blocked URLs — visualizes the 10 most common URLs from which traffic was allowed by the KWTS solution.
  • KWTS. System action types — visualizes the 10 most common actions performed by the KWTS solution.
  • KWTS. Top-10 users with the most allowed web traffic — visualizes the 10 most common user names of users whose traffic was allowed by the KWTS solution.

Page top
[Topic 265217]