Support

Support for business applications

Kaspersky Anti Targeted Attack (KATA) Platform

For security officers: Getting started with the application web interface

Managing objects in Storage and quarantine

Viewing the table of objects that were placed in Storage

Kaspersky Anti Targeted Attack (KATA) Platform
Нет результатов
Knowledge Base Online Help
FAQ Download Forum Contact support Recovery tools

Viewing the table of objects that were placed in Storage

8 November 2023

ID 247432

The table of objects placed in Storage is in the Storage section, Files subsection of the application web interface window.

The table of objects placed in Storage contains the following information:

  1. Type is the method by which the object was placed in Storage.

    The following methods are possible:

    • Apt_icon_storage_fromtasks – The object was placed in Storage in one of the following ways:
      • The Get file task was run.
      • A copy was received of an object that was quarantined on hosts with the Endpoint Agent component (in the Storage section, Quarantine subsection, Get file from quarantine action was selected in the menu for the link with the directory of the object).
    • Apt_icon_storage_forensic_file – The object was placed in Storage in one of the following ways:
      • The Get forensics task was run.
      • The Get process memory dump task was run.
      • The Get registry key task was run.
      • The Get NTFS metafiles task was run.
    • Apt_icon_storage_downloaded – The object was manually downloaded by the user in the Storage section, Files subsection.
  2. Object—Information about the object. For example, the file name or file path.
  3. Scan results—Object scan result.

    The scan result is displayed as one of the following values:

    • Not detected—As a result of a scan, the application did not detect signs of a targeted attack, probably infected objects, or suspicious activity.
    • Error—Object scan ended with an error.
    • In process—Object scan has not yet completed.
    • Not scanned—Object was not sent to be scanned.
    • Detected—As a result of a scan, the application detected signs of a targeted attack, a probably infected object, or suspicious activity.
  4. Servers is the name of the server with the PCN or SCN role. The host from which the object was received is connected to this server.

    This column is displayed if you are using the distributed solution and multitenancy mode.

  5. Source—IP address or name of the host from which the object was received, or the name of the user account that uploaded the object.
  6. Record time—Date and time when the object was placed in Storage.
  7. Actions—Actions that can be performed with the object. The following actions are available:
    • apt_icon_storage_delete — delete an object from Storage.
    • apt_icon_storage_scan — send the object in Storage for scanning by the Anti-Malware Engine, YARA, and Sandbox technologies.
    • Apt_icon_storage_download — download the object from Storage to your computer.

Clicking the link with the file name or file path opens a list in which you can select one of the following actions:

  • Filter by this value.
  • Exclude from filter.
  • Download.
  • Send file for scanning.
  • Find events:
    • File path
    • MD5
    • SHA256
  • Find alerts:
    • File path
    • MD5
    • SHA256
  • Copy value to clipboard.

Clicking the link with the host name opens a list in which you can select one of the following actions:

  • Filter by this value.
  • Exclude from filter.
  • Find events.
  • Find alerts.
  • Copy value to clipboard.

See also

Managing objects in Storage and quarantine

Viewing information about an object manually placed in Storage using the web interface

Viewing information about an object placed in Storage by a get file task

Viewing information about an object placed in Storage by a get data task

Downloading objects from Storage

Uploading objects to Storage

Sending objects in Storage for scanning

Deleting objects from Storage

Filtering objects in Storage by object type

Filtering objects in Storage by object description

Filtering objects in Storage based on scan results

Filtering objects in Storage based on the name of Central Node, PCN, or SCN server

Filtering objects in Storage by object source

Filtering objects based on the time they were placed in Storage

Clearing a Storage objects filter

Viewing the table of objects quarantined on computers with the Kaspersky Endpoint Agent component

Viewing information about a quarantined object

Restoring an object from quarantine

Obtaining a copy of a quarantined object on a Kaspersky Anti Targeted Attack Platform server

Removing information about the quarantined object from the table

Filtering information about quarantined objects by object type

Filtering information about quarantined objects by object description

Filtering information about quarantined objects by host name

Filtering information about quarantined objects by time

Resetting the filter for information about quarantined objects

Kaspersky Professional Services
Implementation services. Health check and security system configuration. Contact us if you need expert help.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.