Viewing information about Endpoint Detection and Response alerts

17 May 2024

ID 231765

You can view information about Endpoint Detection and Response alerts in a widget and a table. The widget shows up to 10 alerts and the table shows up to 1000 alerts.

If you have configured notifications about the IoC found events, you may sometimes be notified about a detected IoC before the corresponding alert is displayed in Kaspersky Endpoint Security Cloud. This is because the events are generated while the IoC scan is still in progress, whereas an alert appears only after the scan ends.

Endpoint Detection and Response widget

To view the Endpoint Detection and Response widget:

  1. Open Kaspersky Endpoint Security Cloud Management Console.
  2. In the Information panel section, click the Monitoring tab.
  3. If Endpoint Detection and Response is disabled, start using the feature.

The widget displays the requested information.

From the displayed widget, you can proceed to the following:

Endpoint Detection and Response table

To view the table with the Endpoint Detection and Response alerts:

  1. Open Kaspersky Endpoint Security Cloud Management Console.
  2. Open the Endpoint Detection and Response alerts window in any of the following ways:
    • In the Information panel section, click the Monitoring tab, and then click the Go to the list of alerts link in the Endpoint Detection and Response widget.
    • Select the Security management → Endpoint Detection and Response section.
  3. If Endpoint Detection and Response is disabled, start using the feature.

    The table displays the requested information.

  4. Filter the displayed records by selecting the required values in the drop-down lists:
    • Detected on

      The period over which alerts have occurred.

    • Status

      The status of alerts, depending on the technology that detected them:

      • If an alert was detected by EPP—whether the detected objects have been treated or untreated (deleted).
      • If an alert was detected by IoC scan—whether IoCs have been only detected or automatic response measures have been taken.
    • Technology

      The technology that detected alerts: EPP or IoC scan.

From the displayed table, you can proceed to the following:

Also, you can export information about all of the current alerts to a CSV file.
