Kaspersky CyberTrace

Browsing detailed information about indicators

To learn more about an indicator in the table, click that indicator. A page opens that provides the following information:

  • Type of the requested indicator

    An indicator can have more than one type (for example, IP and URL).

  • Value of the requested indicator
  • List of event sources that are associated with the requested indicator
  • Tag indicating whether the requested indicator belongs to the FalsePositive supplier
  • Date and time when the requested indicator was added
  • Date and time of the latest indicator update
  • Link to information about the indicator on Kaspersky Threat Intelligence Portal
  • Link to the Kaspersky CyberTrace Web page that displays detection events
  • External analysis links to the resources that contain additional information about indicators

    For the full list of these resources, see subsection "External resources with additional information about indicators" below.

On this page you can perform the following actions:

  • Delete the indicator
  • Add information related to the InternalTI supplier, including adding or changing context information and summary

    If the indicator has more than one type, you will be asked which type of indicator to add to the Internal TI list.

  • Mark the indicator as a false positive or delete the indicator from the list of false positives

    If the indicator has more than one type, you will be asked which type of indicator to mark as a false positive or delete from the list of false positives.

  • Enable or disable a flag that indicates whether to generate detection events when the matching process is complete
  • Add or delete comments related to the indicator

External resources with additional information about indicators

Below is a list of external resources that provide additional information about each type of indicator.

For the MD5, SHA1, and SHA256 indicator types, the following resources can be displayed:

  • #totalhash
  • AlienVault OTX
  • VirusTotal
  • Google
  • IBM X-Force
  • RecordFuture
  • URLScan
  • ThreatMiner

For the IP indicator type, the following resources can be displayed:

  • #totalhash
  • AlienVault OTX
  • VirusTotal
  • Google
  • IBM X-Force
  • Shodan
  • URLScan
  • ThreatMiner
  • IPInfo

For the DOMAIN indicator type, the following resources can be displayed:

  • #totalhash
  • AlienVault OTX
  • VirusTotal
  • Google
  • IBM X-Force
  • Shodan
  • URLScan
  • ThreatMiner

For the URL indicator type, the following resources can be displayed:

  • #totalhash
  • AlienVault OTX
  • VirusTotal
  • Google
  • IBM X-Force
  • ThreatMiner
  • WebArchive