The window showing information about a Scan: detect type event contains the following details:
Click the link to display information about the TAA (IOA) rule. If the rule was provided by Kaspersky experts, it contains information about the triggered MITRE technique as well as recommendations for reacting to the event.
The field is displayed if a TAA (IOA) rule was triggered when the event was created.
You can download this data by clicking Save to file.
Clicking the link with the file name or file path opens a list in which you can select one of the following actions:
Clicking the link with the host name opens a list in which you can select one of the following actions:
Clicking the MD5 link opens a list in which you can select one of the following actions:
Clicking the SHA256 link opens a list in which you can select one of the following actions:
Central Node server generates a Scan: detect event based on data received from EPP programs. If EPP programs are not installed on the computer and are not integrated with the Kaspersky Endpoint Agent program, information about the Scan: detect event is not logged in the event database and is not displayed in the Kaspersky Anti Targeted Attack Platform web interface.