This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.
When creating IOC Scan tasks, consider the following requirements and limitations related to IOC files:
The table below shows the features and limitations of the OpenIOC standard supported by the application.
Features and limitations of the OpenIOC standard versions 1.0 and 1.1
Supported conditions |
OpenIOC 1.0:
OpenIOC 1.1:
|
Supported condition attributes |
OpenIOC 1.1:
|
Supported operators |
|
Supported data types |
|
Data types interpretation details |
The following data types are interpreted as string: The application supports interpretation of the OpenIOC 1.0: Using the
OpenIOC 1.1: Using the Using the The application supports interpretation of the |
Supported IOC terms |
The full list of supported IOC terms is provided in a separate table. |