Kaspersky Anti Targeted Attack (KATA) Platform

Viewing the table of IOC files

8 November 2023

ID 247422

If you are using the distributed solution and multitenancy mode, use the web interface of the PCN or SCN server for which you want to configure parameters.

The table of IOC files lists the IOC files used for scanning computers that have the Endpoint Agent component installed. You can find the table in the Custom rules section, IOC subsection of the application web interface window.

The table of IOC files contains the following information:

  1. [Importance icon]—Importance level that will be assigned to an alert generated using this IOC file.

    The importance level can have one of the following values:

    • [Low importance icon] – Low importance.
    • [Medium importance icon] – Medium importance.
    • [High importance icon] – High importance.
  2. Type—Type of IOC file depending on the application operating mode and the server to which the IOC file was uploaded:
    • Local—IOC files uploaded to an SCN server. These IOC files are used to search for indicators of compromise on hosts with the Endpoint Agent component connected to the SCN server.
    • Global—IOC files uploaded to the PCN server. These IOC files are used to search for indicators of compromise on hosts with the Endpoint Agent component connected to the PCN server and all SCN servers connected to the PCN server.
  3. Name—Name of the IOC file.
  4. Servers—Names of servers with the PCN or SCN role to which the rule applies.

    This column is displayed if you are using the distributed solution and multitenancy mode.

  5. Autoscan—The IOC file is used when automatically scanning hosts with the Endpoint Agent component.

    Host scanning using this IOC file can have one of the following statuses:

    • Enabled
    • Disabled

See also

Managing user-defined IOC rules

Viewing information about an IOC file

Uploading an IOC file

Downloading an IOC file to a computer

Enabling and disabling the automatic use of an IOC file when scanning hosts

Deleting an IOC file

Searching for alerts in IOC scan results

Searching for events using an IOC file

Filtering and searching IOC files

Clearing an IOC file filter

Configuring an IOC scan schedule
