Viewing information about Endpoint Detection and Response alerts
You can view information about Endpoint Detection and Response alerts in a widget and a table. The widget shows up to 10 alerts and the table shows up to 1000 alerts.
If you have configured notifications about IoC found events, you may sometimes be notified about a detected IoC before the corresponding alert is displayed in Kaspersky Next. This is because the event is generated while the IoC scan is still in progress, whereas the alert appears only after the scan ends.
Endpoint Detection and Response widget
To view the Endpoint Detection and Response widget:
Open the Endpoint Detection and Response alerts window in any of the following ways:
In the Information panel section, click the Monitoring tab, and then click the Go to the list of alerts link in the Endpoint Detection and Response widget.
Select the Security management → Endpoint Detection and Response section.
If Endpoint Detection and Response is disabled, start using the feature.
The table displays the requested information.
Filter the displayed records by selecting the required values in the drop-down lists:
Detected on: the period over which the alerts occurred.
Status: the status of the alerts, depending on the technology that detected them:
If an alert was detected by EPP—whether the detected objects have been treated (that is, deleted) or remain untreated.
If an alert was detected by IoC scan—whether the IoCs have only been detected or automatic response measures have also been taken.
Technology: the technology that detected the alerts, EPP or IoC scan.
From the displayed table, you can proceed to the following:
Alert details, depending on the technology that detected the alert:
If the alert was detected by Endpoint Protection Platform (EPP)—the threat development chain graph, which you can use to perform root-cause analysis of the attack and take response measures.