You can now group entries if more than 10,000 events exist.
In the information about Remote connection type events, the Remote IP field is now a link. You can click the link to:
Find events and alerts with the same IP address in the program database
View information about this IP address on the KL TIP portal
Copy the IP address to the clipboard
In the event information window, links to separate pages are now opened in a new browser tab.
The Reference field, which contained links to third-party websites, has been removed from the information about alerts created using the IDS technology.
The display of information about hosts with Kaspersky Endpoint Agent is optimized.
Kaspersky Endpoint Agent 3.8 now has the following new features:
Search for indicators of compromise (OpenIOC) by means of group user tasks. The list of supported terms of the OpenIOC standard is significantly extended compared to the previous version. The full list of supported terms is provided in the Kaspersky Anti Targeted Attack Platform Guide.
Network isolation of a compromised device by command from Kaspersky Anti Targeted Attack Platform.
Kaspersky Endpoint Agent can now be activated to enable integration with Kaspersky Anti Targeted Attack Platform.
Integration with Kaspersky Anti Targeted Attack Platform (KEDR):
Transmitting telemetry data from the protected devices to Kaspersky Anti Targeted Attack Platform for subsequent retrospective analysis.
Applying filter settings for telemetry from the protected devices.
Applying the settings of protection against complex threats: the list of rules for preventing the execution of scripts and the launch of executable files, the lists of rules prohibiting the opening of documents, and the rules of network isolation of devices.
Execution of the following tasks received from Kaspersky Anti Targeted Attack Platform: Delete file, Get file, Quarantine file, Restore file from Quarantine, Run program, and Terminate process.