IOC scan results

The IOC alert processing result window displays the following information:

• In the File section:
  • File size.
  • Full path. Clicking the link with Full path opens a list in which you can select one of the following actions:
    • Find events.
    • Find alerts.
    • Run the following tasks:
      • Kill process.
      • Delete file.
      • Get file.
      • Quarantine file.
    • Copy value to clipboard.
  • SHA256. Clicking the SHA256 link opens a list in which you can select one of the following actions:
    • Find on KL TIP.
    • Find on virustotal.com.
    • Find events.
    • Find alerts.
    • Create a prevention rule.
    • Copy value to clipboard.
  • MD5. Clicking the MD5 link opens a list in which you can select one of the following actions:
    • Find on KL TIP.

      Kaspersky information system Contains and displays reputation information for files and URL addresses.

    • Find events.
    • Find alerts.
    • Create a prevention rule.
    • Copy value to clipboard.
• The IOC section provides the XML code of the IOC file. The criterion by which the alert was generated is highlighted in yellow.

See also Viewing alerts Viewing alert details General information about an alert of any type Information in the Object information section Information in the Alert information section Information in the Scan results section Information in the IDS rule section Information in the Network event section Scan results in Sandbox Information in the Hosts section Information in the Change log section Sending alert data

Page top