Viewing event details

Kaspersky Endpoint Detection and Response Expert

Support Send link

Threat hunting > Viewing event details

Viewing event details

The event list contains details about the events. You can also open an event details window. The event details window provides all the information about the event.

To open event details:

In the main menu, go to MONITORING & REPORTING → THREAT HUNTING, and then run a query.
Click the table row with the event.

A window with details about the event opens.

Clicking a value in the event details or in the event table opens a context menu with a list of actions. For each value, the following actions are available:

Copy the value to the clipboard.
Add/remove the column to/from the event list.
Add the value to the query.
The event list will be filtered by this value.
Delete the value from the query.
Events will not be filtered by this field.
Create a new query with the value.

In addition, for the SID, UserName, IP, MD5, URL, and Domain object types, the following actions are available:

Find more information on
Kaspersky Threat Intelligence Portal
Kaspersky information system that contains and displays reputation information for files and URL addresses.

.
View related alerts.
Clicking the link opens a list of alerts that are related to the value of the selected event field. The list of alerts opens in the Alerts section.

To view a list of related alerts:
1. Go to MONITORING & REPORTING → THREAT HUNTING and run a query.
2. Open event details and click the value to open the context menu.
  You can also open the context menu by clicking the value in the event table.
3. In the context menu of the selected value, click Go to related alerts button.
A list of related alerts is displayed.

Viewing related alerts is available only for the objects of SID, UserName, IP, md5, URL, Domain data types.
View related incidents.
Clicking the link opens a list of incidents that are related to the value of the selected event field. The list of incidents opens in the Incidents section.

To view a list of related incidents:
1. Go to MONITORING & REPORTING → THREAT HUNTING and run a query.
2. Open event details and click the value to open the context menu.
  You can also open the context menu by clicking the value in the event table.
3. In the context menu of the selected value, click Go to related incidents button.
A list of related incidents is displayed.

Viewing related incident is available only for the objects of SID, UserName, IP, md5, URL, Domain data types.

The enrich.hunts.names field contains the names of the

IOA rules

that were triggered by the event. Clicking a link in this field opens a window with details about the triggered custom rule.

From the event details, you can view a

tree of events

by clicking the corresponding button.

Article ID: 221538, Last review: Mar 26, 2025

Page top