Viewing event details
Viewing event details
To open the event details panel, select an event in the events table in the Threat hunting section or in an alert details page.
The Event details panel appears in the right part of the web interface window and contains a list of the event parameters with values. In this area you can:
- Include the selected field in the search or exclude it from the search by clicking
or 
next to a parameter's value. - Find similar events and add or delete a prevention rule by clicking the FileHash and DeviceCustomString values.
- When integrated with Kaspersky CyberTrace and Kaspersky Threat Intelligence Portal, you can add to Internal TI of CyberTrace and show info from Threat Lookup by clicking the FileHash and DeviceCustomString values.
- View the settings of the service that registered the event by clicking the Service value.
In the Event details panel, the name of the described object is shown instead of its ID in the values of the following settings. If you change the filter settings from the Event details panel, the object's ID, and not its name, is added to the SQL query:
- TenantID
- SeriviceID
- DeviceAssetID
- SourceAssetID
- DestinationAssetID
- SourceAccountID
- DestinationAccountID
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.
