Viewing IOC Scan task execution results

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

To view the IOC Scan task execution results:

  1. In the main Kaspersky Security Center Web Console window, select Devices → Tasks.
  2. To open the task settings window, click the task name.
  3. Select the Application settings tab.
  4. Select the IOC Scan results section.
  5. In the Device drop-down list, select the devices for which you want to view the results of the IOC Scan task.

    A summary table with the task execution results on the selected devices will be displayed.

    If compromise indicators are detected on devices, the Result column will display the compromise indicators detected link.

  6. If you want to view detailed information on the detected compromise indicators on a specific device, do the following:
    1. Click the indicator(s) of compromise detected link in the row with the name of the desired device.

      The IOC results window, which contains a list of all IOC files used in the task, will open. If there is an object on the selected device that matches a certain compromise indicator, the Status column will display the Match value.

    2. Click the matched link in the row with the name of the desired IOC file.

      The IOC incident card window will open.

      The IOC incident card contains information about objects on the device that match the conditions of the processed IOC file, as well as the text of the matched branches or individual conditions from this IOC file.

      Viewing the IOC incident card is not available for IOC files for which no matches were detected on the device during scanning.

See also

Requirements for IOC files

Supported IOC terms

Configuring Standard IOC Scan task
