Kaspersky Anti Targeted Attack (KATA) Platform

Events database threat hunting

8 November 2023

ID 247636

In the application web interface, you can build search queries and upload IOC files to search the events database for threats, limited to the tenants whose data you have access to.

Search queries against the events database can be built in either design mode or source code mode.

In design mode, you can create and modify search queries using drop-down lists with options for the type of field value and operators.

In source code mode, you can create and modify search queries using text commands.

You can upload an IOC file and search for events based on conditions defined in this IOC file.

Users with the Senior security officer or Security officer role can also create TAA (IOA) rules based on event search conditions.

In this section

Searching events in design mode

Searching events in source code mode

Sorting events in the table

Changing the event search conditions

Searching events by processing results in EPP applications

Uploading an IOC file and searching for events based on conditions defined in the IOC file

Creating a TAA (IOA) rule based on event search conditions
