Kaspersky Unified Monitoring and Analysis Platform

Step 4. Analyzing alert information

April 8, 2024

ID 245830

At this step, analyze the information about the alert to determine what data is required for further analysis of the alert.

Example

From the alert information, the analyst learns the following:

  • Which registry key has been modified
  • On which asset
  • The name of the account used to modify the key

This information can be viewed in the details of the event that caused the alert (Alerts → R093_Modification of critical registry hives → Related events → event 2022-08-23 17:27:05), in the FileName, DeviceHostName, and SourceUserName fields respectively.
