Kaspersky Industrial CyberSecurity for Networks

Exporting activity event data into a file of indicators of compromise

March 22, 2024

ID 264581

When viewing the details of an EDR incident, you can export data on its activity events to an IOC file so that the same activity can be detected during subsequent checks by EPP applications. The resulting IOC file can be used in IOC search tasks performed by Kaspersky Endpoint Agent.

To export activity event data to an IOC file:

  1. On the Events and incidents tab in the Events section, select an EDR incident (an event marked with the EDR icon) whose threat development chain contains the relevant activity events.

    The details area appears in the right part of the web interface window.

  2. In the details area, go to the All activity events tab and select the relevant activity events.

    Only activity events of the following types can be exported: File creation, Starting a process, or Registry change.

  3. Click the Export to IOC file button.
  4. In the window that opens, select a condition for detecting indicators of compromise:
    • OR (any IOC detected) if you want the IOC search task to be triggered when any indicator of compromise from the IOC file is detected.
    • AND (all IOCs detected) if you want the IOC search task to be triggered when all indicators of compromise from the IOC file are detected.
  5. View the information that will be exported to the IOC file.

    Export is only available if at least one of the File creation, Starting a process, and Registry change counters shows a non-zero value. The Non-exportable counter shows the number of selected activity events whose data cannot be exported to an IOC file.

  6. Click the Export button.
  7. If it takes a long time (more than 15 seconds) to create the file, the file creation operation is transferred to the list of background operations. In this case, to download the file:
    1. Click the background operations button (the icon shaped like an arrow pointing into a tray) in the menu of the application web interface.

      The list of background operations appears.

    2. Wait for the file creation operation to finish.
    3. Click the Download file button.

Your browser will save the downloaded file. Depending on your browser settings, your screen may show a window in which you can change the path and name of the saved file.
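The following is an added example, not code from Kaspersky Industrial CyberSecurity for Networks or Kaspersky Endpoint Agent, and the page does not show the exported file's format. It assumes the export produces an OpenIOC 1.0 document in which the OR/AND choice from step 4 becomes the operator of the top-level Indicator, and it uses the FileItem/FullPath, ProcessItem/name and RegistryItem/Path search terms for the three exportable event types; those term names, the ioc/definition/Indicator element layout, and the sample events are assumptions. The evaluate_ioc function is a toy matcher added only to show how the OR and AND conditions change the outcome of an IOC search against the same host state.

```python
"""Build an OpenIOC-style file from selected activity events and evaluate it.

Added example (not Kaspersky's code). Assumed: OpenIOC 1.0 layout and the
search terms in TERMS; the real KICS export may differ.
"""
import uuid
import xml.etree.ElementTree as ET

OPENIOC_NS = "http://schemas.mandiant.com/2010/ioc"

# The three exportable activity event types named on the page, mapped to
# (OpenIOC document, search term, field of the event dict). Term names are assumed.
TERMS = {
    "File creation":      ("FileItem",     "FileItem/FullPath", "path"),
    "Starting a process": ("ProcessItem",  "ProcessItem/name",  "name"),
    "Registry change":    ("RegistryItem", "RegistryItem/Path", "key"),
}

# Constructed sample events, as they might appear on the All activity events tab.
# The last one is of a type the page says cannot be exported.
SAMPLE_EVENTS = [
    {"type": "File creation", "path": r"C:\Users\Public\update.exe"},
    {"type": "Starting a process", "name": "update.exe"},
    {"type": "Registry change",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"type": "Network connection", "dst": "203.0.113.5"},
]


def split_exportable(events):
    """Separate events into exportable and non-exportable, like the export counters do."""
    exportable = [e for e in events if e["type"] in TERMS]
    non_exportable = [e for e in events if e["type"] not in TERMS]
    return exportable, non_exportable


def build_ioc(events, operator="OR", description="Exported activity events"):
    """Return an OpenIOC XML string; operator is the step-4 condition ('OR' or 'AND')."""
    if operator not in ("OR", "AND"):
        raise ValueError("operator must be 'OR' or 'AND'")
    exportable, _ = split_exportable(events)
    if not exportable:
        # Mirrors the page: export is unavailable when all counters are zero.
        raise ValueError("nothing to export: no exportable activity events selected")

    ET.register_namespace("", OPENIOC_NS)
    ns = "{%s}" % OPENIOC_NS
    root = ET.Element(ns + "ioc", {"id": str(uuid.uuid4())})
    ET.SubElement(root, ns + "short_description").text = description
    definition = ET.SubElement(root, ns + "definition")
    # One top-level Indicator; its operator decides whether any (OR) or all (AND)
    # of the child IndicatorItems must match for the IOC search to report a hit.
    top = ET.SubElement(definition, ns + "Indicator",
                        {"operator": operator, "id": str(uuid.uuid4())})
    for e in exportable:
        doc, search, field = TERMS[e["type"]]
        item = ET.SubElement(top, ns + "IndicatorItem",
                             {"id": str(uuid.uuid4()), "condition": "is"})
        ET.SubElement(item, ns + "Context",
                      {"document": doc, "search": search, "type": "mir"})
        ET.SubElement(item, ns + "Content", {"type": "string"}).text = e[field]
    return ET.tostring(root, encoding="unicode")


def evaluate_ioc(ioc_xml, host):
    """Toy matcher: host maps a search term to the set of values observed on the host."""
    root = ET.fromstring(ioc_xml)
    ns = {"o": OPENIOC_NS}
    top = root.find("o:definition/o:Indicator", ns)
    hits = []
    for item in top.findall("o:IndicatorItem", ns):
        search = item.find("o:Context", ns).get("search")
        value = item.find("o:Content", ns).text
        hits.append(value in host.get(search, set()))
    return all(hits) if top.get("operator") == "AND" else any(hits)


if __name__ == "__main__":
    print(build_ioc(SAMPLE_EVENTS, "OR"))
```

With a host on which only update.exe is running, the OR file reports a detection and the AND file does not; the AND file only fires once the dropped file, the process, and the Run key are all present, which is why AND suits a whole chain and OR suits hunting for any single artifact of it.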
