Data received as a result of IOC Scan task execution
Kaspersky Endpoint Agent automatically submits data on the IOC Scan task execution results to Kaspersky Security Center to create a threat development chain.
The data is stored in the Kaspersky Security Center database. By default, this data is stored for 7 days.
The data in the IOC Scan task execution results may contain the following information:
IP address from the ARP table.
Physical address from the ARP table.
DNS record type and name.
IP address of the protected device.
Physical address (MAC-address) of the protected device.
Identifier in the event log entry.
Data source name in the log.
Log name.
User.
Event time.
MD5 hash of the file.
SHA256 hash of the file.
Full name of the file (including path).
File size.
Remote IP address to which connection was established during scan.
Remote port to which connection was established during scan.
Local adapter IP address.
Port open on the local adapter.
Protocol as a number (in accordance with the IANA standard).
Process name.
Process arguments.
Path to the process file.
Windows identifier (PID) of the process.
Windows identifier (PID) of the parent process.
User account that started the process.
Date and time when the process was started.
Service name.
Service description.
Path and name of the DLL service (for svchost).
Path and name of the service executable file.
Windows identifier (PID) of the service.
Service type (for example, a kernel driver or adapter).
Service status.
Service launch mode.
User account name.
Volume name.
Volume letter.
Volume type.
Windows registry value.
Registry hive value.
Registry key path (without hive and value name).
Registry setting.
System (environment).
Operating system name and version.
Network name of the protected device.
Domain or group the protected device belongs to.
Browser name.
Browser version.
Time when the web resource was last accessed.
URL from the HTTP request.
Name of the account used for the HTTP request.
File name of the process that made the HTTP request.
Full path to the file of the process that made the HTTP request.
Windows identifier (PID) of the process that made the HTTP request.
HTTP referer (HTTP request source URL).
URI of the resource requested over HTTP.
Information about the HTTP user agent (the application that made the HTTP request).
HTTP request execution time.
Unique identifier of the process that made the HTTP request.