We recommend enabling extended telemetry on the computer for retrospective IOC scanning. Extended telemetry improves the accuracy of IOC detection, but consumes more of the computer's resources.
Extended telemetry adds support for the following additional terms:
FileItem/Md5sum
FileItem/Sha256sum
FileItem/SizeInBytes
FileItem/Created
FileItem/Modified
FileItem/Changed
FileItem/Accessed
FileItem/FileAttributes
If extended telemetry is disabled, Kaspersky Industrial CyberSecurity for Nodes may rotate information about detected indicators of compromise.
To enable extended telemetry:
In the main window of the Web Console, select Assets (Devices) → Policies & profiles.
Click the name of the Kaspersky Industrial CyberSecurity for Nodes policy.
The policy properties window opens.
Select the Application settings tab.
Go to Telemetry collection servers → Endpoint Detection and Response (Industrial CyberSecurity) and click Configure.
Select the Enable advanced system activity logging check box.