Recommendations for processing events
August 12, 2024
ID 247647
For users with the Senior security officer role, the event window displays recommendations for processing the event in the box between the event tree and the information text.
The following recommendations are available:
- Isolate <host name> – isolate from the network the host with the Endpoint Agent component on which the event was detected. Applies to all event types.
- Create prevention rule – prohibit the execution of the file that was detected in the event. Applies to all event types except System event log.
- Create task – create a task. Applies to all event types except System event log.
Additionally, while viewing text information about the event in the lower part of the window, you can process the event by clicking the link with the file name, file path, MD5 hash, SHA256 hash, or host name.
Clicking the link with the file name or file path opens a list in which you can select one of the following actions:
- Find events.
- Find alerts.
- Run the following tasks:
- Copy value to clipboard.
Clicking the MD5 link opens a list in which you can select one of the following actions:
- Filter by this value.
- Exclude from filter.
- Find on Kaspersky TIP.
- Find events.
- Find alerts.
- Copy value to clipboard.
Clicking the SHA256 link opens a list in which you can select one of the following actions:
- Find events.
- Find alerts.
- Find on Kaspersky TIP.
- Find on virustotal.com.
- Find in Storage.
- Create prevention rule.
- Copy value to clipboard.
Clicking the link with the host name opens a list in which you can select one of the following actions:
- Find events.
- Find alerts.
- Run the following tasks:
- Copy value to clipboard.
Users with the Security auditor and Security officer roles are not shown recommendations for processing events.