Kaspersky Industrial CyberSecurity Endpoint Detection and Response

About alert details

September 9, 2022

ID 231344

Alert details contain all available information about the detected threat and allow you to manage alert response actions.

Alert details contain the following information:

  • Threat development chain graph that provides visual information about the objects involved, such as key processes on the device, network connections, libraries, and registry hives. It is used to analyze the causes of the threat.
  • General information about the alert, including the detection mode (for example, detection during an on-demand scan or during an automatic scan).
  • Information about the protected device on which the alert occurred (for example, device name, IP address, MAC address, user list, operating system).
  • Information about the detected object.
  • Registry changes associated with the alert.
  • History of the file's presence on the device.
  • Response actions performed by the application.

You can perform the following response actions from the alert details:

Alert details are automatically deleted one month after creation.

If the amount of information in the alert details exceeds 100 KB, or if more than 20 alerts occurred on the device during a day, then the alert data is stored locally on the device and a connection to the device is required to access this data.
