Working with incident card

The incident card is deleted automatically one month after it was created.

The incident card provides information required to analyze the incident, as well as perform actions in response to the incident.

The following information is displayed in the incident card:

You can perform the following actions on the incident card:

You can also use the functionality for working with untrusted objects available in Endpoint Protection Platform applications. For example, can also use the standard Kaspersky Security Center Web Console tools to add a file to Kaspersky Endpoint Security for Windows Application Launch Control allow list or to send a file to Kaspersky experts for analysis. For details, refer to Kaspersky Endpoint Security for Windows Help.

In this section

Configuring a threat report for viewing incident cards

Prerequisites for creating threat development chain

Viewing the incident card

Selecting an action on a file from the incident card

Isolating a device from the incident card

Creating IOC Scan task from the incident card

Page top