Browsing detailed information about indicators
To learn more about an indicator in the table, click that indicator. A page opens that provides the following information:
- Type of the requested indicator
The indicator can be of several types at once (for example, IP and URL).
- Value of the requested indicator
- List of event sources that are associated with the requested indicator
- Tag indicating whether the requested indicator belongs to the FalsePositive supplier
- Date and time when the requested indicator was added
- Date and time of the latest indicator update
- Link to information about the indicator on Kaspersky Threat Intelligence Portal
- Link to the Kaspersky CyberTrace Web page that displays detection events
- External analysis links to the resources that contain additional information about indicators
For the full list of these resources, see subsection "External resources with additional information about indicators" below.
On this page you can perform the following actions:
- Delete the indicator
- Add information related to the InternalTI supplier, including adding or changing context information and summary
An indicator can be of several types at once. In this case, you will be asked which type of indicator to add to the Internal TI list.
- Mark the indicator as a false positive or delete the indicator from the list of false positives
An indicator can be of several types at once. In this case, you will be asked which type of indicator to mark as a false positive or delete from the list of false positives.
- Enable or disable a flag that indicates whether to generate detection events when the matching process is complete
- Add or delete comments related to the indicator
External resources with additional information about indicators
Below is a list of external resources that provide additional information about each type of indicator.
For the MD5, SHA1, and SHA256 indicator types, the following resources can be displayed:
- #totalhash
- AlienVault OTX
- VirusTotal
- Google
- IBM X-Force
- RecordFuture
- URLScan
- ThreatMiner
For the IP indicator type, the following resources can be displayed:
- #totalhash
- AlienVault OTX
- VirusTotal
- Google
- IBM X-Force
- Shodan
- URLScan
- ThreatMiner
- IPInfo
For the DOMAIN indicator type, the following resources can be displayed:
- #totalhash
- AlienVault OTX
- VirusTotal
- Google
- IBM X-Force
- Shodan
- URLScan
- ThreatMiner
For the URL indicator type, the following resources can be displayed:
- #totalhash
- AlienVault OTX
- VirusTotal
- Google
- IBM X-Force
- ThreatMiner
- WebArchive