The table of IOC files contains information about the IOC files used to scan hosts that have the Kaspersky Endpoint Agent program installed. The table is located in the User rules section, IOC subsection of the program web interface window.
The table of IOC files contains the following information:
—Importance level that will be assigned to an alert generated using this IOC file.
The importance level can have one of the following values:
—Low importance.
—Medium importance.
—High importance.
Type—Type of the uploaded IOC file, depending on the application operating mode and the server to which the IOC file was uploaded. IOC files can be one of the following types:
Global—IOC files uploaded to the PCN server. These IOC files are used to search for indicators of compromise on Kaspersky Endpoint Agent hosts connected to the PCN server and to all SCN servers connected to that PCN server.
Local—IOC files uploaded to an SCN server. These IOC files are used to search for indicators of compromise on Kaspersky Endpoint Agent hosts connected to the SCN server.
Name—Name of the IOC file.
Servers—Name of the server with the Central Node component.
Autoscan—The IOC file is used when automatically scanning Kaspersky Endpoint Agent hosts:
Host scanning using this IOC file can have one of the following statuses: