Kaspersky Anti Targeted Attack Platform
5.0
English

Contents

Viewing information about an IOC file

To view IOC file details:

  1. In the window of the program web interface, select the Custom rules section, IOC subsection.

    This opens the table of IOC files.

  2. Select the IOC file for which you want to view information.

This opens a window containing information about the IOC file.

The window contains the following information:

  • Clicking the Find alerts link opens the Alerts section with the filter condition populated with the name of your selected IOC file.
  • Clicking the Find events link opens the Threat Hunting section with the search condition populated with indicators of compromise of your selected IOC file.
  • Clicking the Download link opens the IOC file download window.
  • Autoscan—The IOC file is used when automatically scanning Kaspersky Endpoint Agent hosts.
  • Name—Name of the IOC file.
  • Importance—Importance level that will be assigned to an alert generated using this IOC file.

    The importance level can have one of the following values:

    • Apt_icon_importance_low – Low importance.
    • Apt_icon_importance_medium – Medium importance.
    • Apt_icon_importance_high – High importance.
  • Apply to—Displays the name of the tenant and the names of servers associated with events scanned based on this IOC file (in
    distributed solution
    and
    multitenancy mode
    ).
  • XML—Displays the IOC file contents in XML format.

See also

Managing user-defined IOC rules

Viewing the table of IOC files

Uploading an IOC file

Downloading an IOC file to a computer

Enabling and disabling the automatic use of an IOC file when scanning hosts

Deleting an IOC file

Searching for alerts in IOC scan results

Searching for events using an IOC file

Filtering and searching IOC files

Clearing an IOC file filter

Configuring an IOC scan schedule
Page top
[Topic 196138]