Browsing detailed information about indicators

You can learn more about the indicators from the table by clicking the indicator that you want. You will go to a page that will provide you with the following information:

• Type of the requested indicator

  The indicator can be one of several types (for example, IP and URL).

• Value of the requested indicator
• List of event sources that are associated with the requested indicator
• Mark indicating whether the requested indicator belongs to the FalsePositive supplier
• Date and time when the requested indicator was added
• Date and time of the latest indicator update
• Link to information about the indicator on Kaspersky Threat Intelligence Portal
• Link to the Kaspersky CyberTrace Web page that displays detection events

  You can find the list of detection categories in the "Viewing detections" section.

• List of tags assigned to the indicator

On this page you can perform the following actions:

• Delete the indicator
• Add information related to the InternalTI supplier, including adding or changing context information and summary

  An indicator can be one of several types. In this case, you will be asked which type of indicator to add to the Internal TI list.

• Mark the indicator as a false positive or delete the indicator from the list of false positives

  An indicator can be one of several types. In this case, you will be asked which type of indicator to mark as a false positive or delete from the list of false positives.

• Enable or disable a flag that indicates whether to generate detection events when the matching process is complete
• Assign or remove tags
• Add or delete comments related to the indicator