This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.
To view the IOC Scan task execution results:
A summary table with the task execution results on the selected devices will be displayed.
If compromise indicators are detected on devices, the Results column displays the compromise indicators detected link.
The IOC Scan results window opens that contains a list of all IOC files used in the task. If there is an object on the selected device that matches a certain compromise indicator, the Status column displays the Match value.
The IOC incident card window opens.
The IOC incident card contains information about objects on the device that match the conditions of the processed IOC file, as well as the text of the matched branches or individual conditions from this IOC file.
Viewing the IOC incident card is not available for IOC files for which no matches were detected on the device during scanning.