Configuring IoC scans for potential threats

By using IoC scans, you can configure a regular search for Indicators of Compromise (IoCs) on devices and automatic response measures to be taken if IoCs are found.

You can define settings of three IoC scans:

• Proactive scan

  If you find somewhere (for example, on the internet) that a certain threat is characterized by a set of IoCs, you can add these IoCs to this scan, to check your users' devices.

  The scan scope is all of your users' devices running Windows. It cannot be modified. All new devices that are added in the future will be automatically included in the scan scope.

• Reactive scan

  If Kaspersky Endpoint Security Cloud detects a threat on one of your users' devices, you can add IoCs of that threat to this scan, to check other devices.

  The scan scope is all of your users' devices running Windows. It cannot be modified. All new devices that are added in the future will be automatically included in the scan scope.

• Custom scan

  You can add any threat to this scan, to check your users' devices.

  The scan scope is a custom selection of your users' devices running Windows. All new devices that are added in the future will be automatically included in the scan scope.

Later, when analyzing alerts about Endpoint Protection Platform (EPP) detections on your users' devices, you may want to add the found IoCs to the settings of Reactive scan, to check other devices for the same threat.

To configure IoC scans:

1. Open Kaspersky Endpoint Security Cloud Management Console.
2. Select the Security management → Endpoint Detection and Response section.
3. Click the IoC scan button.
4. In the IoC scan window that opens, define the settings of the required IoC scans.
5. Click Close to close the IoC scan window.

IoC scans are configured.

In this section Adding a threat to an IoC scan IoC scan scope in the registry Defining IoC scan settings Resetting IoC scan settings to default values

Page top