Kaspersky Security Integrations for MSP

Contents

Viewing event information

This section describes the Events tab and explains how to use it to view information about events that occur on managed computers.

In this section

About the Events tab

Sorting the list of events

Filtering events by severity level

Advanced filter of events
Page top
[Topic 165526]

About the Events tab

The Events tab displays a list of events that occurred on the managed computers.

Events_window_Kaspersky plugin for LabTech

Viewing event information

Click the Events tab to view additional information, obtained from the Kaspersky Lab solution, about the security issues detected on a particular computer or group of computers.

In the top pane, you can configure filters to view only the events with selected properties. You can filter events by severity level, client, computer, or time of occurrence. To restrict your event selection and view only those events with selected properties, apply several filters at the same time. Every time you open the Events tab, the previously used filter settings are restored—there is no need to set up filters again.

Information on the events is displayed as a table. You can sort information in the table by any of the table columns by clicking the column header. For each event, you can view the following information:

  • ClientName of a ConnectWise Automate client company. The computer on which the event occurred belongs to this client. This field is applicable if you use Kaspersky Security Center; it is blank if you use Kaspersky Endpoint Security Cloud.
  • SeveritySeverity level of the event according to Kaspersky Security Center or Kaspersky Endpoint Security Cloud.
  • Time occurredTime when the event occurred.
  • ComputerName of the computer on which the event occurred. The computer name can be different in ConnectWise Automate and in the Kaspersky Lab solution. The computer name for ConnectWise Automate is displayed on the first line of the entry and the name for Kaspersky Security Center / Kaspersky Endpoint Security Cloud on the second line. When you click the computer name, the Computer Management screen of ConnectWise Automate Control Center is displayed for this computer.
  • EventName and description of the event.
  • Administration Server / Workspace—The content of this field depends on the Kaspersky Lab solution you use:
    • If you use Kaspersky Security Center, this field shows the computer name of the Administration Server that manages the computer on which the event occurred. The Administration Server computer name can be different in ConnectWise Automate and in Kaspersky Security Center. The Administration Server computer name for ConnectWise Automate is displayed on the first line of the entry and the name for Kaspersky Security Center on the second line. When you click the computer name, the Computer Management screen of ConnectWise Automate Control Center is displayed for this computer.
    • If you use Kaspersky Endpoint Security Cloud, this field shows the name of the workspace, to which the computer on which the event occurred belongs.

When you select an event in the table, its properties are displayed in the pane on the right side of the screen. In addition to those in the table, the following event properties are displayed:

  • LocationName of the ConnectWise Automate location. The computer on which the event occurred belongs to this location. This field is displayed if you use Kaspersky Security Center; it is not displayed if you use Kaspersky Endpoint Security Cloud.
  • Virtual ServerName of the Kaspersky Security Center virtual server. The computer on which the event occurred is located on this server. This field is displayed if you use Kaspersky Security Center; it is not displayed if you use Kaspersky Endpoint Security Cloud.
  • Kaspersky Security Center groupName of a Kaspersky Security Center group. The computer on which the event occurred belongs to this group. This field is displayed if you use Kaspersky Security Center; it is not displayed if you use Kaspersky Endpoint Security Cloud.
  • ApplicationName of the application that the event is related to.
  • VersionVersion the application that the event is related to.
  • TaskName of the task that the event is related to. This field is displayed if you use Kaspersky Security Center; it is not displayed if you use Kaspersky Endpoint Security Cloud.

Page top

[Topic 133602]

Sorting the list of events

Sorting the list of events is useful if, for example, you want to view events that have a specific severity level or that most recently appeared at the top of the list.

You can sort both filtered and unfiltered list of events.

To sort the list of events:

  1. Click the Events tab.
  2. Click the name of the column that you want to sort by. You can sort by any column of the list.

    The list of events is sorted by the selected columns.

    When you click the column name the first time, the values are sorted in ascending order. When you click the column name again, the values are sorted in descending order. The arrow next to the column name shows the sort direction.

Page top

[Topic 133665]

Filtering events by severity level

Filtering the list of events by severity level is useful if, for example, you want to view only critical events in order to immediately respond to and solve a problem.

To filter the events by severity level:

  1. Click the Events tab.
  2. Click one of the following links in the Show events section:

    Link

    Action

    Any

    Displays all the events.

    Info

    Displays the events with Info severity level.

    Warning

    Displays the events with Warning severity level.

    Error

    Displays the events with Error severity level.

    Critical

    Displays the events with Critical severity level.

    Only the events with the selected severity level are displayed.

  3. Click Reset filter to display all the events.

Page top

[Topic 133666]

Advanced filter of events

Advanced filter enables you to filter the list of events and to search for events that match specific criteria. For example, you can view only events that occurred during the last day, or events that occurred on a particular computer, or that occurred at a particular client company.

Filter_events

Advanced filter for events

To apply advanced filter to the list of events:

  1. Click the Events tab.
  2. Click the value within the parentheses next to one of the field names in the Filter by section.
  3. In the Filter window specify the following criteria:

    Field

    How to set up a filter

    Client

    To filter the list of events by client, type any part of the client name in this field.

    Computer

    To filter the list of events by computer name, type any part of the computer name in this field; either the ConnectWise Automate computer name or a computer name in Kaspersky Security Center or Kaspersky Endpoint Security Cloud can be used.

    Administration Server / Cloud Bridge

    To filter the list of events by Administration Server (if you use Kaspersky Security Center), or by Cloud Bridge (if you use Kaspersky Endpoint Security Cloud), select the check boxes next to the required Administration Servers or Cloud Bridges.

    Virtual server / Workspace

    To filter the list of events by virtual server (if you use Kaspersky Security Center), or the workspace (if you use Kaspersky Endpoint Security Cloud), type any part of the virtual server or workspace name in this field.

    Event name

    To filter the list of events by name, type any part of the event name or description in this field.

    Occurred

    To filter the list of events by occurrence time, click one of the occurrence intervals. Click Anytime to display all the events.
  4. Click Apply.

    Only the selected events are displayed.

  5. On the Events tab, click Reset filter to display all the events.
Page top
[Topic 133667]