Creating and configuring Standard IOC Scan task
29 May 2023
ID 194313
This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.
Only files that contain IOC rules can be specified for the IOC Scan task. Files with other types of rules are not supported.
To create and configure a Standard IOC Scan task, depending on the required task scope, perform one of the following actions:
The task creation wizard allows you to configure the following settings:
- IOC collection
- Data types (IOC documents) to be analyzed during IOC scan
- Retrospective IOC Scan
- Application actions on IOC detection
- Task start schedule
- Running the task from a Kaspersky Security Center user account
- Task name
Identifiers of all IOC files that are used in the same IOC Scan task must be unique. The presence of IOC files with the same identifier can affect the correctness of the task execution results.
If, when creating the IOC Scan task, you upload IOC files that are not supported by Kaspersky Endpoint Agent, the application uses only the supported IOC files when the task starts.
Semantic errors in IOC files, and IOC terms and tags that are not supported by the application, do not cause task execution errors. The application simply does not detect matches in those sections of the IOC files.
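A pre-upload check for the identifier uniqueness requirement above, as an added example that is not part of the Kaspersky documentation. It assumes the IOC files are OpenIOC-style XML documents whose root element carries the identifier in an `id` attribute, and it compares identifiers case-insensitively as a conservative choice; the file names and contents are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample documents, not real indicators. Assumption: OpenIOC-style
# XML in which the root element's "id" attribute is the IOC file identifier.
NS = "http://schemas.mandiant.com/2010/ioc"
SAMPLE_FILES = {
    "dropper.ioc": f'<ioc xmlns="{NS}" id="11111111-aaaa-4bbb-8ccc-000000000001"/>',
    "lateral.ioc": f'<ioc xmlns="{NS}" id="22222222-aaaa-4bbb-8ccc-000000000002"/>',
    # Same identifier as dropper.ioc, differing only in letter case.
    "dropper_copy.ioc": f'<ioc xmlns="{NS}" id="11111111-AAAA-4BBB-8CCC-000000000001"/>',
    "no_id.ioc": f'<ioc xmlns="{NS}"><short_description>x</short_description></ioc>',
    "broken.ioc": "<ioc id='33333333'",
}


def ioc_identifier(xml_text):
    """Return the normalized root "id" attribute, or None if it cannot be read."""
    # Refuse DTDs outright so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in xml_text.upper():
        return None
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    ident = (root.get("id") or "").strip().lower()
    return ident or None


def check_ioc_set(files):
    """Group file names by identifier; report duplicates and unreadable files."""
    by_id = defaultdict(list)
    unreadable = []
    for name, text in sorted(files.items()):
        ident = ioc_identifier(text)
        if ident is None:
            unreadable.append(name)
        else:
            by_id[ident].append(name)
    duplicates = {i: names for i, names in by_id.items() if len(names) > 1}
    return duplicates, unreadable


if __name__ == "__main__":
    duplicates, unreadable = check_ioc_set(SAMPLE_FILES)
    for ident, names in duplicates.items():
        print(f"duplicate identifier {ident}: {', '.join(names)}")
    for name in unreadable:
        print(f"no readable identifier: {name}")
```

To check real files, build the `files` mapping from the contents of the IOC files you intend to upload, then resolve every reported duplicate before creating the task.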