Updating databases

May 15, 2024

ID 262377

To detect threats quickly and keep the protection level of a client device up to date, you have to regularly update databases and application modules on the device.

You can update databases on a device in one of the following ways:

  • From the alert or incident details
  • From the device details
  • From an investigation graph

You can also configure the response action to run automatically when creating or editing a playbook.

To update databases on a device, you must have one of the following XDR roles: Main administrator, Tenant administrator, Junior analyst, Tier 1 analyst, Tier 2 analyst.

It might take up to 15 minutes to launch a response action due to the synchronization interval between the managed device and Administration Server.

Updating databases from the alert or incident details

To update databases on a device from the alert or incident details:

  1. Do one of the following:
    • In the main menu, go to Monitoring & reporting → Alerts. In the ID column, click the ID of the alert that includes the device on which databases are to be updated.
    • In the main menu, go to the Monitoring & reporting → Incidents section. In the ID column, click the ID of the incident that includes the device on which databases are to be updated.
  2. In the window that opens, go to the Assets tab.
  3. Select the check boxes next to the devices on which databases are to be updated.

    You can select several devices, if necessary.

  4. In the Select response actions drop-down list, select Update databases.

If the operation is completed successfully, an appropriate message is displayed on the screen. Otherwise, an error message is displayed.

Updating databases from the device details

To update databases on a device from the device details:

  1. Do one of the following:
    • In the main menu, go to Monitoring & reporting → Alerts. In the ID column, click the ID of the alert that includes the device on which databases are to be updated.
    • In the main menu, go to the Monitoring & reporting → Incidents section. In the ID column, click the ID of the incident that includes the device on which databases are to be updated.
  2. In the window that opens, go to the Assets tab.
  3. Click the name of the required device, and then in the drop-down list, select View properties.
  4. In the Select response actions drop-down list, select Update databases.

If the operation is completed successfully, an appropriate message is displayed on the screen. Otherwise, an error message is displayed.

Updating databases from an investigation graph

This option is available if the investigation graph is built.

To update databases on a device from an investigation graph:

  1. In the main menu, go to the Monitoring & reporting → Incidents section. In the ID column, click the ID of the incident that includes the device on which databases are to be updated.
  2. Click the View on graph button.
  3. In the investigation graph that opens, click the device name to open the device details.
  4. In the Select response actions drop-down list, select Update databases.

If the operation is completed successfully, an appropriate message is displayed on the screen. Otherwise, an error message is displayed.
