You can learn more about the indicators from the table by clicking the indicator that you want. You will go to a page that will provide you with the following information:
Type of the requested indicator
The indicator can be one of several types (for example, IP and URL).
Value of the requested indicator
List of event sources that are associated with the requested indicator
Mark indicating whether the requested indicator belongs to the FalsePositive supplier
Date and time when the requested indicator was added
Date and time of the latest indicator update
Link to information about the indicator on Kaspersky Threat Intelligence Portal
Link to the Kaspersky CyberTrace Web page that displays detection events
You can find the list of detection categories in the "Viewing detections" section.
List of tags assigned to the indicator
On this page you can perform the following actions:
Delete the indicator
Add information related to the InternalTI supplier, including adding or changing context information and summary
An indicator can be one of several types. In this case, you will be asked which type of indicator to add to the Internal TI list.
Mark the indicator as a false positive or delete the indicator from the list of false positives
An indicator can be one of several types. In this case, you will be asked which type of indicator to mark as a false positive or delete from the list of false positives.
Enable or disable a flag that indicates whether to generate detection events when the matching process is complete