This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.
To view the IOC Scan task execution results:
A summary table with the task execution results on the selected devices will be displayed.
If compromise indicators are detected on devices, the Result column will display the compromise indicators detected link.
The IOC results window, which contains a list of all IOC files used in the task, will open. If there is an object on the selected device that matches a certain compromise indicator, the Status column will display the Match value.
The IOC incident card window will open.
The IOC incident card contains information about objects on the device that match the conditions of the processed IOC file, as well as the text of the matched branches or individual conditions from this IOC file.
Viewing the IOC incident card is not available for IOC files for which no matches were detected on the device during scanning.