IOA tags—Information about the results of file analysis using the Targeted Attack Analyzer technology: name of the TAA (IOA) rule that was used to create the alert.
Click the link to display information about the TAA (IOA) rule. If the rule was provided by Kaspersky experts, it contains information about the triggered MITRE technique as well as recommendations for reacting to the event.
The MITRE ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) knowledge base contains descriptions of adversary behavior based on the analysis of real-world attacks. It is a structured list of known adversary techniques, organized as a matrix of tactics and the techniques used to achieve them.
The field is displayed if a TAA (IOA) rule was triggered when the event was created.
Search scope—LDAP search scope. Can have one of the following values: ADS_SCOPE_BASE (only the entry named by the distinguished name is examined), ADS_SCOPE_ONELEVEL (only the immediate children of that entry), ADS_SCOPE_SUBTREE (the entry and its entire subtree).
Search filter—LDAP search filter in RFC 4515 string syntax, for example (&(objectClass=user)(servicePrincipalName=*)).
Distinguished name—Distinguished name (DN) of the LDAP directory entry at which the search starts (the search base).
Search attribute list—Attributes that the search query requested to be returned for each matching entry.
Launch parameters—Command-line parameters with which the process that performed the LDAP search was started.
Event initiator section:
File—Name of the parent process file.
MD5—MD5 hash of the parent process file.
SHA256—SHA256 hash of the parent process file.
System info section:
Host name—Name of the host on which the LDAP search was performed.
User name—Name of the user whose account was used to run the LDAP search.
OS version—Version of the operating system that is being used on the host.
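The four search fields above (scope, filter, distinguished name, attribute list) together with the initiator and host fields are what a detection engineer works with when hunting for Active Directory reconnaissance in these events. The following is an added example, not Kaspersky's code or the content of any TAA (IOA) rule: it parses the attribute names and bitwise-match assertions out of RFC 4515 filters and applies three simple indicators (enumeration of accounts with servicePrincipalName, enumeration of accounts with the DONT_REQ_PREAUTH userAccountControl bit, and domain-wide wildcard searches rooted at a DC= naming context). The event dictionaries are constructed sample data using the page's field labels in snake_case (hashes omitted), the BASELINE_INITIATORS set is a placeholder for a host-specific allowlist, and the MITRE technique IDs in the tags are this example's own mapping.

```python
"""Triage of LDAP search events shaped like the fields described on this page.

Added example. Field names follow the page's labels; the sample events,
the baseline set and the ATT&CK mapping are this example's assumptions.
"""
import re
from typing import Dict, List, Tuple

# Attribute names in an RFC 4515 filter, including extensible matches such as
# (userAccountControl:1.2.840.113556.1.4.803:=4194304).
_ATTR_RE = re.compile(r"\(\s*([A-Za-z][\w.;-]*)\s*(?::[\w.]+)?:?\s*[~<>]?=")
# (attribute, matching-rule OID, value) triples of extensible-match assertions.
_EXT_RE = re.compile(r"\(\s*([A-Za-z][\w.;-]*):([\d.]+):=([^)]*)\)")

LDAP_MATCHING_RULE_BIT_AND = "1.2.840.113556.1.4.803"   # Active Directory bitwise AND rule
UAC_DONT_REQ_PREAUTH = 0x400000                         # userAccountControl: no Kerberos pre-auth

# Placeholder baseline (assumption): initiator files an admin expects to issue
# domain-wide searches from this host. Tune per environment.
BASELINE_INITIATORS = {"mmc.exe", "dsac.exe"}


def filter_attributes(search_filter: str) -> List[str]:
    """Return the attribute names referenced by an LDAP filter, lower-cased, in order."""
    return [m.group(1).lower() for m in _ATTR_RE.finditer(search_filter)]


def uac_bits_tested(search_filter: str) -> List[int]:
    """Return userAccountControl masks tested with LDAP_MATCHING_RULE_BIT_AND."""
    bits = []
    for attr, oid, value in _EXT_RE.findall(search_filter):
        if attr.lower() == "useraccountcontrol" and oid == LDAP_MATCHING_RULE_BIT_AND and value.isdigit():
            bits.append(int(value))
    return bits


def analyze(event: Dict) -> List[str]:
    """Return reconnaissance indicators for one event; an empty list means nothing notable."""
    tags: List[str] = []
    attrs = set(filter_attributes(event["search_filter"]))
    subtree = event["search_scope"] == "ADS_SCOPE_SUBTREE"
    # Search rooted at the domain naming context rather than at a specific OU or object.
    domain_root = event["distinguished_name"].upper().startswith("DC=")

    if subtree and "serviceprincipalname" in attrs and "objectclass" in attrs:
        tags.append("kerberoast-candidate-enum (T1558.003)")
    if any(mask & UAC_DONT_REQ_PREAUTH for mask in uac_bits_tested(event["search_filter"])):
        tags.append("asrep-roast-candidate-enum (T1558.004)")
    # Wildcard-only filter over the whole domain with no attribute list (all attributes returned).
    if subtree and domain_root and attrs <= {"objectclass", "objectcategory"} and not event["search_attribute_list"]:
        tags.append("broad-domain-enum (T1087.002/T1069.002)")
    if tags and event["initiator_file"].lower() not in BASELINE_INITIATORS:
        tags.append("unexpected-initiator:" + event["initiator_file"])
    return tags


def triage(events: List[Dict]) -> Dict[Tuple[str, str], List[str]]:
    """Group indicators by (host name, user name) so one operator can review them per account."""
    findings: Dict[Tuple[str, str], List[str]] = {}
    for ev in events:
        tags = analyze(ev)
        if tags:
            findings.setdefault((ev["host_name"], ev["user_name"]), []).extend(tags)
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {   # Kerberoast-style enumeration from a PowerShell script
        "search_scope": "ADS_SCOPE_SUBTREE",
        "search_filter": "(&(objectCategory=person)(objectClass=user)(servicePrincipalName=*))",
        "distinguished_name": "DC=corp,DC=example",
        "search_attribute_list": ["sAMAccountName", "servicePrincipalName"],
        "launch_parameters": "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\\Users\\Public\\enum.ps1",
        "initiator_file": "powershell.exe",
        "host_name": "WS-0231", "user_name": "CORP\\jdoe", "os_version": "Windows 10 22H2",
    },
    {   # AS-REP roast candidate enumeration via bitwise match on userAccountControl
        "search_scope": "ADS_SCOPE_SUBTREE",
        "search_filter": "(&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=4194304))",
        "distinguished_name": "DC=corp,DC=example",
        "search_attribute_list": ["sAMAccountName"],
        "launch_parameters": "python.exe ldapq.py",
        "initiator_file": "python.exe",
        "host_name": "WS-0231", "user_name": "CORP\\jdoe", "os_version": "Windows 10 22H2",
    },
    {   # Benign: one-level OU listing from the management console
        "search_scope": "ADS_SCOPE_ONELEVEL",
        "search_filter": "(objectClass=organizationalUnit)",
        "distinguished_name": "OU=Workstations,DC=corp,DC=example",
        "search_attribute_list": ["name"],
        "launch_parameters": "mmc.exe dsa.msc",
        "initiator_file": "mmc.exe",
        "host_name": "ADM-01", "user_name": "CORP\\admin1", "os_version": "Windows Server 2019",
    },
    {   # Domain-wide wildcard dump, but from a baselined admin tool
        "search_scope": "ADS_SCOPE_SUBTREE",
        "search_filter": "(objectClass=*)",
        "distinguished_name": "DC=corp,DC=example",
        "search_attribute_list": [],
        "launch_parameters": "dsac.exe",
        "initiator_file": "dsac.exe",
        "host_name": "ADM-01", "user_name": "CORP\\admin1", "os_version": "Windows Server 2019",
    },
]

if __name__ == "__main__":
    for key, tags in triage(SAMPLE_EVENTS).items():
        print(key, tags)
```

The indicators are deliberately narrow: a subtree search for servicePrincipalName or for the DONT_REQ_PREAUTH bit is rarely needed by end-user software, while a wildcard filter at the domain root is noisy on its own, which is why the example only reports it when the search asks for every attribute and then lets the initiator baseline decide whether the process is expected.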