Working with incident card
November 17, 2023
ID 200109
The incident card will be deleted automatically one month after it was created.
The incident card provides information required to analyze the incident and perform actions in response to the incident.
The following information is displayed in an incident card:
- General incident information.
- Information about the protected device on which the incident occurred.
- Information about the object detected during the incident.
You can perform the following actions on an incident card:
- Isolate the device on which the incident occurred.
- Quarantine file.
- Prevent the execution of a file detected during the incident.
- Create an IOC Scan task.
You can also use the functionality to work with untrusted objects available in Endpoint Protection Platform applications. For example, can also use the standard Kaspersky Security Center Web Console tools to add a file to the Kaspersky Endpoint Security for Windows Application Launch Control allow list or to send a file to Kaspersky experts for analysis. For details, refer to Kaspersky Endpoint Security for Windows Help.
