Kaspersky Endpoint Agent

Working with incident card

29 May 2023

ID 200109

This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.

The incident card will be deleted automatically one month after it was created.

The incident card provides information required to analyze the incident and perform actions in response to the incident.

The following information is displayed in an incident card:

  • General incident information.
  • Information about the protected device on which the incident occurred.
  • Information about the object detected during the incident.

You can perform the following actions on an incident card:

You can also use the functionality for working with untrusted objects that is available in Endpoint Protection Platform applications. For example, you can use the standard Kaspersky Security Center Web Console tools to add a file to the Kaspersky Endpoint Security for Windows Application Launch Control allow list or to send a file to Kaspersky experts for analysis. For details, refer to Kaspersky Endpoint Security for Windows Help.

In this section

Configuring a threat report for viewing incident cards

Prerequisites for creating threat development chain

Viewing the incident card

Selecting an action on a file from the incident card

Isolating a device from the incident card

Creating IOC Scan task from the incident card
