Kaspersky Anti Targeted Attack Platform

Kaspersky Anti Targeted Attack Platform

Print Support Send link

Contents

Data on detected threats

Data on detected threats

The scope of transmitted data on detected threats depending on the technology that was used to generate the alert is listed in the table below.

Data on detected threats

Technology	Parameter	Description	Data type	Example
One of the following technologies: Anti-Malware Engine. YARA. Intrusion Detection System.	`detect`	List of detected threats.	Array	`HEUR:Trojan.Win32.Generic, Trojan-DDoS.Win32.Macri.avy, UDS:DangerousObject.Multi.Generic`
	`dataBaseVersion`	Version of databases used to scan the file.	Integer	`201811190706`
Sandbox	`detect`	List of detected threats.	Array	`HEUR:Trojan.Win32.Generic, Trojan-DDoS.Win32.Macri.avy, UDS:DangerousObject.Multi.Generic`
	`image`	Name of the virtual machine image where the file was scanned.	String	`Win7`
	`dataBaseVersion`	Database version in the following format: `<version of the program databases which were used to scan the file> / <version of the IDS module databases>`.	Integer	`201902031107/ 201811190706`
URL Reputation	`detect`	List of URL Reputation categories for the detected object (for objects of type `URL` or `host`).	Array	`Phishing host, Malicious host, Botnet C&C(Backdoor.Win32.Mokes)`
Targeted Attack Analyzer	`detect`	Name of the TAA module alert.	The only possible value is `Suspicious remote host activity`	`Suspicious remote host activity`

See also

Data on detected objects

Data on the environment of detected objects