Viewing IOC Scan task execution results

To view the IOC Scan task execution results:

1. In the main Kaspersky Security Center Web Console window select Devices → Tasks.
2. To open the task settings window, click the task name.
3. Select the Application settings tab.
4. Select the IOC Scan results section.
5. In the Device drop-down list, select the devices, for which you want to view the results of IOC Scan task.

   A summary table with the task execution results on the selected devices is displayed.

   If compromise indicators are detected on devices, the Result column displays the compromise indicators detected link.

6. If you want to view detailed information on the detected compromise indicators on a specific device, do the following:
   1. Click the indicator(s) of compromise detected link in the row with the name of the desired device.

      The IOC results window opens that contains a list of all IOC files used in the task. If there is an object on the selected device that matches a certain compromise indicator, the Status column displays the Match value.

   2. Click the matched link in the row with the name of the desired IOC file.

      The IOC incident card window opens.

      IOC incident card contains information about objects on the device that match the conditions of the processed IOC file, as well as the text of the matched branches or individual conditions from this IOC file.

      Viewing the IOC incident card is not available for IOC files, for which no matches were detected on the device during scan.

See also Configuring Standard IOC Scan task

Page top