About alert details
July 9, 2024
ID 220583
Alert details contain all available information about a detected threat and let you manage alert response actions.
Alert details contain the following information:
- A graph of the threat development chain that provides visual information about the objects involved, such as key processes on the device, network connections, libraries, and registry hives.
- Recommendations on responding to the alert. Each recommendation has a link that you can click to apply the selected response action.
  For alerts received from Kaspersky Endpoint Security for Windows, this section is available only in the Kaspersky Endpoint Security for Windows web plug-in 11.9.0 and later.
- General information about the alert, including the detection mode (for example, detection during an on-demand scan or during an automatic scan).
- Information about the protected device on which the alert occurred (for example, device name, IP address, MAC address, user list, operating system).
- Information about the detected object.
- Registry changes associated with the alert.
- History of the files' presence on the device.
- Response actions performed by the application.
- Information about the trust group, digital signature, file distribution, and other data.
  This information is available only if Kaspersky Security Network was enabled before the threat was detected. For alerts received from Kaspersky Endpoint Security for Windows, this information is available only if Kaspersky Endpoint Security for Windows 11.10.0 or later is installed on the organization's devices and Kaspersky Endpoint Security plug-in 11.10.0 or later is used in Kaspersky Security Center.
The data in the alert details is current as of the time the threat was detected. The solution does not update this information, so it may differ from the data and indicators displayed on Kaspersky Threat Intelligence Portal. To view up-to-date data, use the links to Kaspersky Threat Intelligence Portal data in the alert details.
You can perform the following response actions from the alert details:
- Isolate the device on which the alert occurred.
- Quarantine the file.
  This functionality is not supported by Kaspersky Endpoint Security for Linux 12.1.
- Create an IOC Scan task.
- Prevent execution of the detected file.
  This functionality is not supported by Kaspersky Endpoint Security for Linux 12.1.
Alert details are automatically deleted one month after creation.
For devices with Kaspersky Endpoint Security for Windows: if the information in the alert details exceeds 1 MB in size, or if more than five alerts occur on the device in one day, the alert data is stored locally on the device, and a connection to the device is required to access it. For devices with Kaspersky Endpoint Agent and any EPP application, these threshold values are 100 KB and 20 detections, respectively.
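The following Python snippet is an added illustration of the two rules in this section, the retention period and the size/count thresholds that decide whether alert details stay on the device; it is example code, not Kaspersky's own code or an API. The `Alert` structure, the product-name keys, the constructed sample alerts, and the reading of "one month" as 30 days are all assumptions made for the example. It goes beyond the text only in counting alerts per device per day, which is what an analyst would need to do to predict which alert details will require a live connection to the device.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Thresholds stated in the documentation above, keyed by the product that
# produced the alert: (max details size in bytes, max alerts per device per day).
# The key names are an assumption made for this example.
LOCAL_STORAGE_THRESHOLDS = {
    "KES for Windows": (1 * 1024 * 1024, 5),        # 1 MB, five alerts per day
    "Kaspersky Endpoint Agent": (100 * 1024, 20),   # 100 KB, 20 detections per day
}

# The page says alert details are deleted "one month after creation";
# modelling that as 30 days is an assumption made for this example.
RETENTION = timedelta(days=30)


@dataclass(frozen=True)
class Alert:
    alert_id: str
    device: str
    product: str          # key into LOCAL_STORAGE_THRESHOLDS
    detected_at: datetime
    details_size: int     # size of the alert details in bytes


def locally_stored_ids(alerts):
    """Return the ids of alerts whose details stay on the device.

    Details are stored locally when they exceed the size threshold, or when
    the device raised more alerts than the daily threshold on the day of
    detection. Assumption: once a device passes the daily count, every alert
    from that device on that day is treated as locally stored.
    """
    per_device_day = defaultdict(int)
    for a in alerts:
        per_device_day[(a.device, a.detected_at.date())] += 1

    local = set()
    for a in alerts:
        max_size, max_per_day = LOCAL_STORAGE_THRESHOLDS[a.product]
        day_count = per_device_day[(a.device, a.detected_at.date())]
        if a.details_size > max_size or day_count > max_per_day:
            local.add(a.alert_id)
    return local


def expired_ids(alerts, as_of):
    """Return the ids of alerts whose details have passed the retention window."""
    return {a.alert_id for a in alerts if as_of - a.detected_at > RETENTION}


def build_sample_alerts():
    """Constructed sample data (not real telemetry) covering each branch."""
    kes, kea = "KES for Windows", "Kaspersky Endpoint Agent"
    kib = 1024
    return [
        # six small alerts on one KES device in one day: over the count limit
        *(Alert(f"a{i}", "ws-01", kes, datetime(2024, 7, 1, 9, i), 10 * kib)
          for i in range(1, 7)),
        # one 2 MB alert: over the size limit; a second small one that day is fine
        Alert("b1", "ws-02", kes, datetime(2024, 7, 2, 10, 0), 2 * kib * kib),
        Alert("b2", "ws-02", kes, datetime(2024, 7, 2, 11, 0), 50 * kib),
        # Endpoint Agent device: 200 KB is over its 100 KB limit, 50 KB is not
        Alert("c1", "srv-01", kea, datetime(2024, 7, 3, 8, 0), 200 * kib),
        Alert("c2", "srv-01", kea, datetime(2024, 7, 3, 8, 5), 50 * kib),
        # an alert older than the retention window
        Alert("old1", "ws-01", kes, datetime(2024, 5, 20, 12, 0), 10 * kib),
    ]


if __name__ == "__main__":
    sample = build_sample_alerts()
    print("stored on device:", sorted(locally_stored_ids(sample)))
    print("expired by 2024-07-09:", sorted(expired_ids(sample, datetime(2024, 7, 9))))
```

Running the script lists the alerts whose details would need a connection to the device (the six same-day alerts, the 2 MB alert, and the 200 KB Endpoint Agent alert) and the one alert that has aged out of retention, which is the set an analyst would want to collect before the data becomes unreachable or is deleted.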