Viewing information about a detected threat and response actions

To view all information about a detected threat and perform appropriate threat response actions, you can use the alert details window, which contains:

• Threat development chain graph
• Recommendations for responding to the threat with the UI for performing the chosen action
• General information about the threat detection (for example, the detection mode)
• Information about the protected device
• Information about the detected object
• History of files appearing on the device
• Information about the threat response actions performed by the application

In the alert details window, you can perform the following response actions:

• Isolate the device on which the threat was detected
• Quarantine file
• Create an IOC Scan task
• Prevent the execution of an application or script or the opening of a document identified by Kaspersky Industrial CyberSecurity for Linux Nodes as a threat. As a result of the execution prevention, the application adds an ICS EDR execution prevention rule for objects in the policy that manages the computer on which the blocked file is found.

The storage period for the alert details is 30 days. After this time expires, old entries are automatically deleted.

For more details about managing alert details, refer to the Kaspersky Industrial CyberSecurity Endpoint Detection and Response Help.

Page top