The Detections tab of Kaspersky CyberTrace Web displays information about the incoming events that have produced detections in Kaspersky CyberTrace, including source events and detection events. You can use this tab to search events and filter them by criteria. The Detections tab contains the following elements:
Searching in detections
You can use the search bar to perform a full-text search in detections. The text string in a search query is tokenized so that search results contain both exact and fuzzy matches. Wildcards are not supported. Search results are displayed in the table below.
If the Search also in detection events toggle button is switched on, Kaspersky CyberTrace will search for a text string in incoming events and detection events. Otherwise, it will search only in incoming events. By default, the Search also in detection events toggle button is switched on.
The table with information about detections contains the following columns:
This column contains the system date and time of the detection (in the yyyy-mm-dd HH:MM:SS
format).
This column contains the name of the tenant. It is displayed only in multitenancy mode when there are several tenants.
This column contains the name of the event source.
This column contains the category of the detected object.
Once recorded, the category name does not change, even if the supplier name changes.
This column contains the indicator from the database that was matched to the incoming event.
Each row of the table contains information about one detection. You can click a detection to view the following detailed information:
This section contains the substrings extracted from the incoming event by regular expressions, as well as the whole source event.
This section contains the context fields of the matched indicator in the %FieldName%=%Value%
format and the whole detection event.
Where:
%FieldName%
is the name of the regular expression that was used for parsing the incoming event or the field name of the feed record that matched the detected indicator.%Value%
is the value of the regular expression that was used for parsing the incoming event or the value of the feed record that matched the detected indicator.Detections in the table are sorted by date and time, in descending order.
If the Auto-update table toggle button is switched on, Kaspersky CyberTrace updates the table with information about detections every 10 seconds.
Filtering detections
You can filter detections in the table by the following criteria:
You can specify a time period or a particular date.
You can specify one or several tenant names.
You can specify one or several event sources.
You can specify one or several categories of the detected object.
To filter detections in the table by criteria:
The content of the table is updated so that it contains only detections that meet the specified conditions.
You can specify several filtering criteria.
By default, filtering conditions are not applied.
Page top