Kaspersky Industrial CyberSecurity Endpoint Detection and Response

Creating an IOC Scan task from alert details

To create an IOC Scan task from the alert details:

  1. Open the alert details.
  2. On the All alert events tab, select the items from which you want to create an IOC Scan task.
  3. Click Create IOC.
  4. Select the triggering criteria for the compromise indicator:
    • If you want the indicator of compromise to be triggered when any of the selected objects is detected, select OR on the right side of the screen.
    • If you want the indicator of compromise to be triggered when all the selected objects are detected, select AND on the right side of the screen.
  5. Select the actions to be taken when the IOC is triggered:
  6. Click Create task.

You can view the created tasks in the Devices → Tasks section.

When you create an IOC Scan task for the selected object (file or process) from the alert details, an

with the FileItem term is automatically created. For more details about IOC terms, see Kaspersky Endpoint Agent Help and Kaspersky Industrial CyberSecurity for Linux Nodes Help.
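
The OR/AND choice in step 4 and the FileItem term can be illustrated with the following added example, which is not Kaspersky code or product output. It assumes an OpenIOC-style XML layout with a `FileItem/Md5sum` search path; the function names and hash values are constructed for illustration.

```python
import hashlib
import xml.etree.ElementTree as ET

def build_ioc(md5_list, operator):
    """Build an OpenIOC-style document with one FileItem term per selected object."""
    if operator not in ("OR", "AND"):
        raise ValueError("operator must be OR or AND")
    if not md5_list:
        raise ValueError("select at least one object")
    ioc = ET.Element("ioc")
    definition = ET.SubElement(ioc, "definition")
    # The operator attribute carries the OR/AND triggering criterion.
    indicator = ET.SubElement(definition, "Indicator", operator=operator)
    for md5 in md5_list:
        item = ET.SubElement(indicator, "IndicatorItem", condition="is")
        # Assumed term layout: document names the term, search names the field.
        ET.SubElement(item, "Context", document="FileItem",
                      search="FileItem/Md5sum", type="mir")
        ET.SubElement(item, "Content", type="md5").text = md5.lower()
    return ET.tostring(ioc, encoding="unicode")

def ioc_triggers(ioc_xml, observed_md5s):
    """Return True if the indicator fires for the hashes found on a device."""
    observed = {h.lower() for h in observed_md5s}
    indicator = ET.fromstring(ioc_xml).find("./definition/Indicator")
    hits = [item.findtext("Content") in observed
            for item in indicator.findall("IndicatorItem")
            if item.find("Context").get("document") == "FileItem"]
    if indicator.get("operator") == "OR":
        return any(hits)              # any selected object is enough
    return bool(hits) and all(hits)   # every selected object must be present

# Constructed sample data: MD5s of placeholder byte strings, not real indicators.
SELECTED = [hashlib.md5(b"constructed-sample-1").hexdigest(),
            hashlib.md5(b"constructed-sample-2").hexdigest()]
DEVICE_FILES = [SELECTED[0], hashlib.md5(b"unrelated-file").hexdigest()]

if __name__ == "__main__":
    for op in ("OR", "AND"):
        print(op, ioc_triggers(build_ioc(SELECTED, op), DEVICE_FILES))
```

With only one of the two selected objects present on the device, the OR indicator fires and the AND indicator does not, which is the practical difference between the two options when scoping a scan.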