About alert details
Alert details contain all available information about the detected threat and allow you to manage alert response actions.
Alert details contain the following information:
- A threat development chain graph that visualizes the objects involved in the incident (key processes on the device, network connections, libraries, registry hives) and the relationships between them. Use it to analyze how the threat arose and spread.
- General information about the alert, including the detection mode (for example, detection during an on-demand scan or during an automatic scan).
- Information about the protected device on which the alert occurred (for example, device name, IP address, MAC address, user list, operating system).
- Information about the detected object.
- Registry changes associated with the alert.
- History of the file's presence on the device.
- Response actions already performed by the application.
The following information is also available in the detection details generated by the Kaspersky Industrial CyberSecurity for Linux Nodes application version 1.5 and later:
- Recommendations for responding to the detection. Each recommendation includes a link that you can use to apply the corresponding response action.
- Information about the trust group, digital signature, file distribution and other data.
This block of information is available only if Kaspersky Security Network was enabled in the Kaspersky Industrial CyberSecurity for Linux Nodes application at the time of detection.
This data is a snapshot taken at the time of detection. The solution does not update it afterwards, so it may differ from the current data displayed on the Kaspersky Threat Intelligence Portal (for example, if the reputation or prevalence of the object has changed since). To view the latest data, follow the Kaspersky Threat Intelligence Portal links in the detection details.
You can perform the following response actions from the alert details:
- isolate the device on which the alert occurred from the network;
- quarantine the detected file;
This action is not available on devices running Linux with Kaspersky Industrial CyberSecurity for Linux Nodes version 1.5 installed.
- create an IOC Scan task;
- prevent execution of the detected file.
This action is not available on devices running Linux with Kaspersky Industrial CyberSecurity for Linux Nodes version 1.5 installed.
Alert details are automatically deleted one month after creation.
If the amount of information in the alert details exceeds 100 KB, or if more than 20 alerts occurred on the device within one day, the alert data is stored locally on the device instead of centrally, and a connection to the device is required to access it. Such alert data is therefore unavailable while the device is offline or unreachable.