On the Kaspersky CyberTrace web user interface you can select the Detections tab. This tab displays the detections that meet the filtering conditions specified in the Filtering conditions section and contains the following sections:
The Detections section contains a table that provides the following information about detection events:
This column contains the system date and time of the event (in the %M.%d.%Y %H:%i:%s format).
Once recorded, the category name does not change, even if the corresponding supplier name changes.
This column contains the indicator from the database that was matched to the incoming event.
A detection event has the %FieldName%: %Value% format.
Here, %FieldName% is the name of the regular expression that is used for parsing incoming events, or the field name of the feed record that matched the detected indicator. %Value% is the value of the regular expression that is used for parsing incoming events, or the value of the feed record that matched the detected indicator.
Detections in the table are sorted by date and time in descending order.
You can update the table contents by clicking the Auto-update table toggle button. Kaspersky CyberTrace will then update the data in the table every 10 seconds.
Filtering conditions
In this section you can specify the following filtering conditions for the Detections table contents:
You can specify a period or the particular date for the data to be displayed.
You can specify one or several tenant names.
You can specify one or several event sources.
You can specify one or several categories of the detected object.
You can specify only one text substring.
You can specify one or several indicators.
By default, filtering conditions are not applied.