Data received as a result of IOC Scan task execution
Kaspersky Endpoint Agent automatically submits data on the IOC Scan task execution results to Kaspersky Security Center, where it is used to build a threat development chain.
The data is stored in the Kaspersky Security Center database. By default, this data is stored for 7 days.
The IOC Scan task execution results may contain the following information:
IP address from the ARP table.
Physical address from the ARP table.
DNS record type and name.
IP address of the protected device.
Physical address (MAC address) of the protected device.
Identifier in the event log entry.
Data source name in the log.
Log name.
User.
Event time.
MD5 hash of the file.
SHA256 hash of the file.
Full name of the file (including path).
File size.
Remote IP address to which a connection was established during the scan.
Remote port to which a connection was established during the scan.
Local adapter IP address.
Port open on the local adapter.
Protocol as a number (in accordance with the IANA standard).
Process name.
Process arguments.
Path to the process file.
Windows identifier (PID) of the process.
Windows identifier (PID) of the parent process.
User account that started the process.
Date and time when the process was started.
Service name.
Service description.
Path and name of the DLL service (for svchost).
Path and name of the service executable file.
Windows identifier (PID) of the service.
Service type (for example, a kernel driver or adapter).
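The fields above arrive as a record that a defender typically forwards from Kaspersky Security Center into a SIEM or case-management system. The following added example (not Kaspersky code, and not a description of the product's actual export format) sanity-checks such a record before ingestion and applies the 7-day default retention stated above. The key names (`file_md5`, `protocol`, `stored_at`, and so on), the protocol-number subset, and the sample record are all assumptions constructed for the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Default retention period stated on the page (Kaspersky Security Center, 7 days).
RETENTION_DAYS = 7

# Assumption: only a small subset of IANA protocol numbers is mapped here.
IANA_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


@dataclass(frozen=True)
class ScanResultIssue:
    field: str
    problem: str


def normalize_mac(mac: str) -> str:
    """Return a lowercase, colon-separated MAC address; raise on malformed input."""
    norm = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(norm):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return norm


def validate_record(rec: dict) -> list[ScanResultIssue]:
    """Check the hash, network and process fields of one IOC Scan result record.

    Only fields that are present are checked, since a record only carries the
    fields relevant to the IOC that matched (file, ARP, DNS, process, ...).
    """
    issues: list[ScanResultIssue] = []

    md5 = rec.get("file_md5")
    if md5 is not None and not MD5_RE.match(md5.lower()):
        issues.append(ScanResultIssue("file_md5", "not a 32-hex-digit MD5"))

    sha256 = rec.get("file_sha256")
    if sha256 is not None and not SHA256_RE.match(sha256.lower()):
        issues.append(ScanResultIssue("file_sha256", "not a 64-hex-digit SHA256"))

    for mac_field in ("arp_mac", "device_mac"):
        mac = rec.get(mac_field)
        if mac is not None:
            try:
                normalize_mac(mac)
            except ValueError:
                issues.append(ScanResultIssue(mac_field, "malformed MAC address"))

    proto = rec.get("protocol")
    if proto is not None and proto not in IANA_PROTOCOLS:
        issues.append(ScanResultIssue("protocol", f"unmapped IANA protocol number {proto}"))

    for port_field in ("remote_port", "local_port"):
        port = rec.get(port_field)
        if port is not None and not (0 <= int(port) <= 65535):
            issues.append(ScanResultIssue(port_field, "port out of range"))

    for pid_field in ("pid", "parent_pid", "service_pid"):
        pid = rec.get(pid_field)
        if pid is not None and int(pid) < 0:
            issues.append(ScanResultIssue(pid_field, "negative PID"))

    return issues


def retention_deadline(stored_at: datetime, days: int = RETENTION_DAYS) -> datetime:
    """Moment after which the record is dropped under the default retention."""
    return stored_at + timedelta(days=days)


def is_expired(stored_at: datetime, now: datetime, days: int = RETENTION_DAYS) -> bool:
    """True once the record has aged past the retention window."""
    return now >= retention_deadline(stored_at, days)


# Constructed sample record; values are illustrative, not real telemetry.
SAMPLE_RECORD = {
    "device_ip": "10.0.0.25",
    "device_mac": "00-1A-2B-3C-4D-5E",
    "file_md5": "d41d8cd98f00b204e9800998ecf8427e",
    "file_sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "file_path": r"C:\Users\example\Downloads\sample.exe",
    "remote_ip": "192.0.2.10",
    "remote_port": 443,
    "protocol": 6,
    "pid": 4120,
    "parent_pid": 612,
    "stored_at": datetime(2024, 1, 1, tzinfo=timezone.utc),
}

if __name__ == "__main__":
    for issue in validate_record(SAMPLE_RECORD):
        print(f"{issue.field}: {issue.problem}")
    print("expires:", retention_deadline(SAMPLE_RECORD["stored_at"]).isoformat())
```

Records that fail validation are worth quarantining rather than silently dropping: a malformed hash or protocol number in an IOC result usually points to an export or parsing problem on the collection side, and losing the record would also lose the evidence of that problem.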