Managing IOC Scan tasks in Kaspersky Endpoint Agent

You can manage IOC Scan tasks in Kaspersky Security Center or through Kaspersky Endpoint Agent command line interface, as well as download IOC files and configure IOC scan schedule in Kaspersky Anti Targeted Attack Platform web interface. The description of each IOC Scan task type and information on the available management capabilities for IOC Scan tasks are shown in the table below.

Managing IOC Scan tasks.

Task type	Using Kaspersky Security Center	Using the Central Node component	Using the command line interface
Standard IOC Scan task	Creating, removing and starting the task manually. Viewing detailed reports on the task execution results as a summary table and in the Detected IOCs card. Detected IOCs card contains information about objects that match the conditions of the processed IOC file, as well as the text of the matched branches or individual conditions from this IOC file. Viewing the Detected IOCs card is not available for IOC files, for which no indicators of compromise were detected during scan. IOC collection export. Configuring the following task settings in the task creation wizard or in the task properties after the task creation: IOC collection settings. IOC scan settings. Application actions when detecting IOC (network isolation of the device and start of the scan tasks using EPP on the device). Task schedule settings. Storage time for the task execution results on the Administration Server (unavailable in the task creation wizard).	Task management is not applicable.	Creating and running the task with the required settings. Viewing data on the task execution.
Autonomous IOC Scan task	Configuring the task start settings. Starting and removing the task manually. Enabling response to the threats detected by Kaspersky Sandbox. Adding an action to automatically create an Autonomous IOC Scan Task. Viewing detailed reports on the task execution results as a summary table and in the Detected IOCs card. IOC collection export. Configuring the following settings in the task properties: Application actions when detecting IOC (quarantining an object and deleting it from the device; starting the scan tasks using EPP on the device). Task schedule settings. Storage time for the task execution results on the Administration Server.	Task management is not applicable.	Task management is not applicable.
IOC Scan task created by Central Node	Task management is not applicable.	Downloading IOC files, configuring IOC scan schedule.	Task management is not applicable.

Page top