Viewing the alert table

March 20, 2024

ID 221571

The alert table provides an overview of all alerts registered by Kaspersky EDR Expert.

To view the alert table:

  1. In the main menu, go to MONITORING & REPORTING → Alerts.
  2. If you have both Kaspersky EDR Optimum and Kaspersky EDR Expert integrated into Kaspersky Security Center Cloud Console, the Alerts section is divided into two tabs. Go to the Expert tab. Otherwise, skip this step.

The alert table is displayed.

The alert table has the following columns:

  • Alert ID. The unique identifier of an alert.
  • Registered. The date and time when the alert was added to the alert table.
  • Updated. The date and time of the last change from the alert history.
  • Status. The current status of the alert.
  • Analyst. The current assignee of the alert.
  • Detection source. The application that obtained the telemetry data.
  • Technology. The technology that detected the alert.
  • Rules. The IOC or IOA rules that were triggered to detect the alert.
  • Affected assets. The devices and users that were affected by the alert.
  • Observables. Detection artifacts, for example IP addresses or MD5 hashes of files.
  • SIDs. Security identifiers of users whose devices or accounts were affected by the alert.

See also:

About alerts

Viewing alert details

Assigning alerts to analysts

Changing an alert status

Linking alerts to incidents

Unlinking alerts from incidents
