Kaspersky Industrial CyberSecurity Endpoint Detection and Response

Creating IOC Scan task from alert details

September 9, 2022

ID 231353

To create an IOC Scan task from the alert details:

  1. Open the alert details.
  2. On the All alert events tab, select the items from which you want to create an IOC Scan task.
  3. Click Create IOC.
  4. Select the triggering criteria for the compromise indicator:
    • If you want the indicator of compromise to be triggered when any of the selected objects is detected, select OR on the right side of the screen.
    • If you want the indicator of compromise to be triggered when all the selected objects are detected, select AND on the right side of the screen.
  5. Select the actions to be taken when the IOC is triggered:
  6. Click Create task.

You can view the created tasks in the Devices → Tasks section.

When you create an IOC Scan task for the selected object (file or process) from the alert details, an IOC with the FileItem term is automatically created. For details on IOC terms, refer to Kaspersky Endpoint Agent Help.
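The OR and AND criteria from step 4, shown as an added example (not Kaspersky's code): a small evaluator run over an IOC with two FileItem terms against two host inventories. It assumes the OpenIOC 1.0 XML layout and the `FileItem/Md5sum` search term; the hashes and inventories are constructed placeholders, and the file the product generates may differ.

```python
import xml.etree.ElementTree as ET

# Constructed placeholder hashes, not real indicators.
HASH_A = "1" * 32
HASH_B = "2" * 32

def build_ioc(operator):
    """Return a constructed OpenIOC-style document with two FileItem terms."""
    items = "".join(
        f'<IndicatorItem condition="is">'
        f'<Context document="FileItem" search="FileItem/Md5sum" type="mir"/>'
        f'<Content type="md5">{h}</Content></IndicatorItem>'
        for h in (HASH_A, HASH_B)
    )
    return (f'<ioc xmlns="http://schemas.mandiant.com/2010/ioc"><definition>'
            f'<Indicator operator="{operator}">{items}</Indicator>'
            f'</definition></ioc>')

def _local(tag):
    """Drop the XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]

def _evaluate(indicator, observed):
    """Evaluate one Indicator node, recursing into nested Indicators."""
    results = []
    for child in indicator:
        if _local(child.tag) == "Indicator":
            results.append(_evaluate(child, observed))
        elif _local(child.tag) == "IndicatorItem":  # only condition="is" is handled
            parts = {_local(c.tag): c for c in child}
            term = parts["Context"].get("search")
            value = (parts["Content"].text or "").strip().lower()
            results.append(value in observed.get(term, set()))
    if indicator.get("operator", "OR").upper() == "AND":
        return bool(results) and all(results)  # an empty AND never triggers
    return any(results)

def ioc_triggers(ioc_xml, observed):
    """observed maps a search term to the set of values seen on one host."""
    root = ET.fromstring(ioc_xml)
    top = next(e for e in root.iter() if _local(e.tag) == "Indicator")
    return _evaluate(top, observed)

# Constructed inventories: one host holds a single selected file, the other both.
HOST_ONE_FILE = {"FileItem/Md5sum": {HASH_A}}
HOST_BOTH_FILES = {"FileItem/Md5sum": {HASH_A, HASH_B}}
```

With AND, a host that holds only one of the selected objects does not trigger the indicator, so OR is the broader choice when the objects may not all be present on the same device.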
