Data provision

When using Kaspersky Threat Intelligence Portal, in addition to the data that you provide in accordance with the Terms and Conditions, the following types of data are automatically obtained and processed for the purposes described below.

Kaspersky protects any information received in accordance with law and applicable Kaspersky rules. Data is transmitted over a secure channel.

All obtained data is stored during the license term. When a storage period expires, the data is deleted from online transaction processing (OLTP) databases.

You can withdraw your consent to the provision of the data described below at any time.

To withdraw your consent, contact your dedicated Kaspersky Technical Account Manager by ktlsupport@kaspersky.com.

Processed data:

General user actions

For detection services improvement and processing user requests to Kaspersky Threat Intelligence Portal services in accordance with license terms, on any user action during work with Kaspersky Threat Intelligence Portal, the portal obtains the following data according to the Terms and Conditions:

• Date and time when an action was performed
• IP address (also used for blocking accounts that make frequent attempts to sign in to Kaspersky Threat Intelligence Portal)
• User agent string
• User name (login)

Terms and Conditions confirmation

For processing user requests to Kaspersky Threat Intelligence Portal services in accordance with license terms, the portal obtains the following data:

• Confirmation (the I confirm that I have fully read, understand, and accept the following: Terms and Conditions of <list of available services> check box selection)

Statement About Data Provision confirmation

For processing user requests to Kaspersky Threat Intelligence Portal services in accordance with license terms, the portal obtains the following data:

• Confirmation (the I confirm that I have fully read, understand, and accept the following: Statement About Data Provision check box selection)

Signing in to Kaspersky Threat Intelligence Portal

For purposes of user authentication and verification of compliance with the current license, on signing in to Kaspersky Threat Intelligence Portal, the portal obtains the following data according to the Terms and Conditions:

• Certificate
• Password (salt and hash)
• User name (login)
• Session identifier (ID, user name), also stored in the local storage of the user's browser
• API Key (Token, when using Kaspersky Threat Intelligence Portal API)

APT Intelligence Reporting, Crimeware Threat Intelligence Reporting, and Industrial Threat Intelligence Reporting services

For purposes of generating user input hints and searching for requested text (full text search), the requests to the Reporting service are received, stored, and processed in accordance with the Terms and Conditions.

Threat lookup service

For purposes of searching requested objects, display of recent user requests, and verification of compliance with the current license, when the Threat lookup service is used, Kaspersky Threat Intelligence Portal obtains the following data:

• Request
• Viewing recent requests (only action, no data is received)
• Request results

Dark web and Surface web search

For purposes of investigating issues, verifying compliance with the current license, and notifying the user, when the WHOIS hunting functionality is used in the Kaspersky Dark web and Surface web search, the following information are processed:

• Requested object or full-text request
• User name (login)

WHOIS hunting service

For purposes of issue investigations, verification of compliance with the current license, and user notification, when the WHOIS hunting service is used, Kaspersky Threat Intelligence Portal obtains the following data according to the Terms and Conditions:

• User full name
• User name (login)

WHOIS lookup service

For purposes of issue investigations, display of user recent requests, and verification of compliance with the current license, when the WHOIS lookup service is used, Kaspersky Threat Intelligence Portal obtains the following data:

• Request
• Viewing recent requests (only action, no data is received)
• Request results

Kaspersky Sandbox: Uploaded or downloaded files execution

For purposes of issue investigations, display of recent user requests, and verification of compliance with the current license, when executing a file in Kaspersky Sandbox, Kaspersky Threat Intelligence Portal obtains the following data:

• Request (executed file)
• File download parameters (web address, HTTP requests, HTTPS requests)—for downloaded files only
• File execution parameters (execution environment, execution time, specified file extension, execution type, HTTPS traffic decryption)
• File execution results (sandbox detection names, triggered network rules, execution map, suspicious activities, screenshots, loaded PE images, file operations, registry operations, process operations, synchronize operations, downloaded files, dropped files, HTTP requests, HTTPS requests, DNS requests)
• Viewing recent requests (hash of the executed file, date and time when the file was executed and analyzed, file size, file type, MD5 hash)

Cloud Threat Attribution Engine

For purposes of investigating issues, verifying compliance with the current license, and notifying the user about a file analysis results that extracted with Cloud Threat Attribution Engine, the information from the file are processed.

Kaspersky Sandbox: Browse URL

For purposes of issue investigations, display of recent user requests, and verification of compliance with the current license, when analyzing a web address in Kaspersky Sandbox, Kaspersky Threat Intelligence Portal obtains the following data:

• Request (web address)
• Web address analysis parameters (emulation environment, emulation time, HTTPS traffic decryption)
• Web address analysis results (sandbox detection names, triggered network rules, suspicious activities, hosts, WHOIS information, screenshots, HTTP requests, HTTPS requests, DNS requests)
• Viewing recent requests (analyzed web address, date, and time when the web address was analyzed)

Account management

For the purpose of verification of compliance with the current license, when a new account is created, Kaspersky Threat Intelligence Portal obtains the following data according to the Terms and Conditions:

• Role (Admin or User)
• Type (access using web interface, RESTful API, or both)
• User full name
• User name (login)
• User name (login) of changes author

Digital Footprint Intelligence service

For the purpose of detecting immediate threats to the organization and provide the user with information about them, to perform text searches from the user and to filter those results, Kaspersky Threat Intelligence Portal receives the following data when you use the Digital Footprint Intelligence service:

• Company names
• Brand names
• Full-qualified domain names
• IP addresses, version 4 (IPv4) or version 6 (IPv6)
• IP address ranges, version 4 (IPv4) or version 6 (IPv6)
• CIDRs, version 4 (IPv4) or version 6 (IPv6)
• Email addresses
• Employee names
• Information about the organization
• Information about the vulnerabilities found for the organization
• Search queries from the user (word or phrase uniquely related to the company)
• IIN/BIN
• Legitimate social account links
• Legitimate mobile app links

Page top