Kaspersky Anti Targeted Attack (KATA) Platform

Information in the Object information section

8 November 2023

ID 247626

The Object information section can display the following event information about the detected object:

  • File name.

    To expand the Copy value to clipboard action, click the link with the file name.

  • File type. For example: ExecutableWin32.

    Click Find on TIP to look up the file on the Kaspersky Threat Intelligence Portal.

    Click Create prevention rule to prevent the file from running.

    Click Download to download the file to your computer's hard drive.

    The file is downloaded as a ZIP archive encrypted with the password "infected". Inside the archive, the file name is replaced by the file's MD5 hash, and the file extension is not displayed.

  • File size in kilobytes.
  • MD5—MD5 hash of a file.

    Clicking the link with MD5 opens a list in which you can select one of the following actions:

    • Find on TIP.
    • Find events.
    • Find alerts.
    • Create prevention rule.
    • Copy value to clipboard.
  • SHA256—SHA256 hash of a file.

    Clicking the SHA256 link opens a list in which you can select one of the following actions:

    • Find on TIP.
    • Find on virustotal.com.
    • Find events.
    • Find alerts.
    • Create prevention rule.
    • Copy value to clipboard.
  • Sender email—Email address from which the message containing the file was sent.
  • Recipient email—One or more email addresses to which the message containing the file was sent.
  • Original sender email—Source email address from which the message containing the file was sent.

    This field is populated with data from the 'Received' header.

  • Original recipient email—Source email address(es) to which the message containing the file was sent.

    This field is populated with data from the 'Received' header.

  • Subject—Message subject.
  • Sender server IP—IP address of the first mail server in the message delivery chain.

    Clicking the Sender server IP link opens a list in which you can select one of the following actions:

    • Find events.
    • Find alerts.
    • Copy value to clipboard.
  • Headers—Extended set of email message headers. For example, it can contain information about email addresses of the message sender and recipients, about mail servers that relayed the message, and the type of content in the email message.
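
To cross-check the Sender server IP value against the raw Headers field, the sketch below (an added example, not Kaspersky code) rebuilds the delivery chain from the Received headers. It assumes the first server in the chain is the bottom-most Received header, because each relay prepends its own; the function names and sample headers are constructed for illustration, and this page does not state how the platform itself derives the field.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample headers (documentation-range addresses, not real alert data).
SAMPLE_HEADERS = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTPS id abc123
\tfor <analyst@example.org>; Wed, 8 Nov 2023 10:02:11 +0000
Received: from relay.example.com (relay.example.com [203.0.113.25])
\tby mx.example.net with ESMTP id def456
\tfor <analyst@example.org>; Wed, 8 Nov 2023 10:02:09 +0000
Received: from [192.0.2.44] (unknown [192.0.2.44])
\tby relay.example.com with ESMTPSA id ghi789
\tfor <analyst@example.org>; Wed, 8 Nov 2023 10:02:05 +0000
From: sender@example.com
To: analyst@example.org
Subject: constructed sample

"""

_BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")  # [1.2.3.4] or [IPv6:...]
_FOR = re.compile(r"\bfor\s+<([^>]+)>")                     # envelope recipient clause

def delivery_chain(raw_headers):
    """Return hops oldest-first; each relay prepends its own Received header."""
    msg = message_from_string(raw_headers)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())        # unfold continuation lines
        from_part = flat.split(" by ", 1)[0]  # the peer address sits in the 'from' clause
        ip = None
        for candidate in _BRACKETED.findall(from_part):
            try:
                ip = str(ipaddress.ip_address(candidate))  # reject non-IP bracket text
                break
            except ValueError:
                continue
        rcpt = _FOR.search(flat)
        hops.append({"ip": ip, "for": rcpt.group(1) if rcpt else None})
    return hops

def first_hop_ip(raw_headers):
    """IP of the earliest hop that recorded one, or None if no hop did."""
    return next((h["ip"] for h in delivery_chain(raw_headers) if h["ip"]), None)
```

Received headers added before the message reached your own mail servers are written by upstream systems and can be forged by the sender, so compare the earliest hop with the first hop recorded by a server you control.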

See also

Viewing alert details

General information about an alert of any type

Information in the Alert information section

Information in the Scan results section

Information in the IDS rule section

Information in the Network event section

Scan results in Sandbox

IOC scan results

Information in the Hosts section

Information in the Change log section

Sending alert data
