Retrospective scan

May 15, 2024

ID 264546

The retrospective scan functionality lets you feed a sample of events into a correlator so that they are processed by specific correlation rules. Use it to refine correlation rule resources or to analyze historical data.

You can also choose to create alerts based on a retrospective scan.

To use retrospective scan:

  1. In the main menu, go to Monitoring & reporting → Threat hunting.
  2. Click the ellipsis button in the top right corner of the events table, and then select Retroscan.

    The Retroscan panel opens.

  3. In the Correlator drop-down list, select the correlator to which the selected events must be fed.
  4. In the Correlation rules drop-down list, select the correlation rules that must be used when processing the events.
  5. To execute responses during event processing, turn on the Execute responses toggle switch.
  6. To generate alerts during event processing, turn on the Create alerts toggle switch.
  7. Click the Create task button.

    The retrospective scan task is created in the KUMA Task Manager section.
