Support

Support for business applications

Kaspersky Endpoint Detection and Response Optimum

Working with alert details

Creating an IOC Scan task from alert details
Kaspersky Endpoint Detection and Response Optimum
Нет результатов
Knowledge Base Online Help
Advice & Solutions FAQ System requirements Download Forum Contact support Recovery tools Product videos

Creating an IOC Scan task from alert details

March 5, 2024

ID 220399

To create an IOC Scan task from the alert details:

  1. Open the alert details.
  2. On the All alert events tab, select the items from which you want to create an IOC Scan task.
  3. Click Create IOC.
  4. Select the triggering criteria for the compromise indicator:
    • If you want the indicator of compromise to be triggered when any of the selected objects is detected, select OR on the right side of the screen.
    • If you want the indicator of compromise to be triggered when all the selected objects are detected, select AND on the right side of the screen.
  5. Select the actions to be taken when the IOC is triggered:
  6. Click Create task.

You can view created tasks in the Devices → Tasks section.

When you create an IOC Scan task for the selected object (file or process) from the alert details, an IOC with the FileItem term is automatically created. For details on IOC terms, refer to the Kaspersky Endpoint Security for Windows Help or Kaspersky Endpoint Agent Help.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.