Using event selections
Event selections provide an onscreen view of named sets of events that are selected from the Administration Server database. These sets of events are grouped according to the following categories:
- By importance level—Critical events, Functional failures, Warnings, and Info events
- By time—Recent events
- By type—User requests and Audit events
You can create and view user-defined event selections based on the settings available, in the Kaspersky Security Center Cloud Console interface, for configuration.
Event selections are available in the Kaspersky Security Center Cloud Console, in the Monitoring & reporting section, by clicking Event selections.
By default, event selections include information for the last seven days.
Kaspersky Security Center Cloud Console has a default set of event (predefined) selections:
- Events with different importance levels:
- Critical events
- Functional failures
- Warnings
- Informational messages
- User requests (events of managed applications)
- Recent events (over the last week)
- Audit events
In Kaspersky Security Center Cloud Console, audit events related to service operations in your workspace are displayed. These events are conditioned by actions of Kaspersky specialists. These events, for example include the following: Administration Server ports changing; Administration Server database backup; creation, modification, and deletion of user accounts.
You can also create and configure additional user-defined selections. In user-defined selections, you can filter events by the properties of the devices they originated from (device names, IP ranges, and administration groups), by event types and severity levels, by application and component name, and by time interval. It is also possible to include task results in the search scope. You can also use a simple search field where a word or several words can be typed. All events that contain any of the typed words anywhere in their attributes (such as event name, description, component name) are displayed.
Both for predefined and user-defined selections, you can limit the number of displayed events or the number of records to search. Both options affect the time it takes Kaspersky Security Center Cloud Console to display the events. The larger the database is, the more time-consuming the process can be.
You can do the following:
- Edit properties of event selections
- Generate event selections
- View details of event selections
- Delete event selections
- Delete events from the Administration Server database