Configuring an IOC scan schedule

You can configure the schedule for searching for indicators of compromise using IOC files on Kaspersky Endpoint Agent hosts.

To configure the schedule for searching for indicators of compromise using IOC files on Kaspersky Endpoint Agent hosts:

  1. In the window of the program web interface, select the Settings section, IOC scanning schedule subsection.
  2. In the Start time drop-down lists, select the start time of the indicator of compromise search.
  3. In the Maximum scan duration drop-down list, select a time limit for completing the indicator of compromise search.
  4. Click Save.

The new schedule for searching for indicators of compromise using IOC files on Kaspersky Endpoint Agent hosts becomes active immediately after changes are saved. Results of the indicator of compromise search are displayed in the alert table.

Users with Security auditor and Security officer roles cannot configure the schedule for searching for indicators of compromise using IOC files on Kaspersky Endpoint Agent hosts.

See also

Managing user-defined IOC rules

Viewing the table of IOC files

Viewing information about an IOC file

Uploading an IOC file

Downloading an IOC file to a computer

Enabling and disabling the automatic use of an IOC file when scanning hosts

Deleting an IOC file

Searching for alerts in IOC scan results

Searching for alerts using an IOC file

Filtering and searching IOC files

Clearing an IOC file filter

Page top