Viewing alert details

Alert details are available in the list of alerts. The list of alerts is available in the Report on threats or in the Alerts subsection of the Monitoring and reporting section in Kaspersky Security Center Web Console or Kaspersky Security Center Cloud Console.

If you add a license key for Kaspersky Endpoint Detection and Response Optimum, the Alerts subsection will automatically appear in the main menu in the Monitoring and reporting section. You can also configure the display of the Alerts subsection in the properties of Kaspersky Security Center Web Console or Kaspersky Security Center Cloud Console interface.

To work with alert details when using Kaspersky Endpoint Security for Windows 12.6 or later, Kaspersky Endpoint Security for Linux 12.1 or later, or Kaspersky Endpoint Security for Mac 12.1 or later, the Endpoint Detection and Response plug-in must be updated. Otherwise, if the Kaspersky Endpoint Agent web plug-in is installed, threat development chains in incident cards opened by this plug-in may contain limited data or errors. For more information on viewing incident cards, refer to the Kaspersky Endpoint Agent Help.

To view alert details in the Monitoring and reporting section:

  1. In the main window of Kaspersky Security Center Web Console or Kaspersky Security Center Cloud Console, select Monitoring & Reporting → Alerts.
  2. Select the alert and click the Details link.

    The alert details are displayed.

To view alert details in the report on threats:

  1. In the main window of Kaspersky Security Center Web Console or Kaspersky Security Center Cloud Console, select Monitoring & Reporting → Reports.
  2. Select the Report on threats template and click the Show report button.
  3. In the report window, on the Details tab, select the alert and click the Open alert details link.

    The alert details are displayed.

To display alert details, Kaspersky Endpoint Detection and Response Optimum needs to get data from the device on which an alert occurs. If the data or device is not available, an error message is displayed. The device may take several minutes to respond.

When Kaspersky Security Center Cloud Console is used, only the first five detection details are available for viewing. To view all the detection details that appear in the report, use a distribution point in your network, configure it as a push server, and enable the Use distribution point to force connection to the Administration Server setting in the policy properties of Network Agent.

For information on viewing alert details in Kaspersky Security Center Linux, refer to the Kaspersky Security Center Linux Help.
