Home page
On the Kaspersky Threat Intelligence Portal Home page (), an overview of current cyber threats around the world and various types of information concerning your organization are displayed. The data provided allows you to start threat investigation as soon as you sign in.
In the Search field, you can request data from Kaspersky databases for indicators (hash, IP address, domain, web address) and actor profiles. Also, you can perform full-text requests in this field.
The Digital Footprint Global Threats section provides the overall threat landscape detected for all Digital Footprint Intelligence service users. Charts display the total number of detected threats and their distribution by risk levels and categories.
Depending on the licenses your organization has purchased and the permissions set by your administrator, the following sections are displayed on the Home page:
- Reports—Latest APT Intelligence, Crimeware Threat Intelligence, and Industrial Threat Intelligence report headers (sometimes shortened for a better view). If your license stipulates viewing reports, headers of available reports are clickable and take you to the corresponding report page. This page contains the report name, a brief description, and download links.
Demo reports (marked as ) are available for viewing and downloading without a commercial license. Clicking the View demo reports link takes you to the Reporting page, where demo reports are filtered out.
Unavailable reports (marked as ) are also displayed on the Home page, but their headings are not clickable. When you hover your mouse over a specific report name, a tooltip is displayed with the name of the service that must be purchased to view the full version of the report.
Clicking the See more reports link takes you to the Reporting page containing all reports available to you.
- Investigation history—Your most recent requests in Kaspersky Threat Intelligence Portal, including Threat Intelligence search and object analysis in Kaspersky Sandbox. Clicking the View request history link takes you to a page containing a complete list of your requests.
- Threat Attribution Updates—Total number of actors and other attribution entities for the current time, number of new and updated actors, and other attribution entities for the last 30 days. Attribution entities include actors, their tools, related malware, and campaigns. Clicking the View available actor profiles link takes you to the Reporting → Actors page with detailed descriptions of available actor profiles.
- News—Latest news headers (sometimes shortened for a better view). News headers are clickable and take you to the news source page (for example, the Securelist website). Clicking the View news link takes you to the News page containing links to all news available to you.
- Video Insights—Links to video tutorials about Kaspersky Threat Intelligence Portal and the its services.
- Cybermap—Worldwide cybermap showing threats around the world. When you hover your mouse over a specific country, the country rating and the percentage of users whose Kaspersky products have blocked threats in that country are shown. To the right of the cybermap, a list of the most attacked countries is displayed.
When you click a specific country on the cybermap, threat ratings and statistics are displayed for the selected country. The country's rating in the most frequently attacked countries list and the number of detected dangerous objects are displayed. The Top 10 lists for all threat types (threats, C&Cs, web addresses, and MD5 hashes of files) are shown below the cybermap. All items are clickable. Clicking an item in the threats list takes you to the Kaspersky threats website. Clicking items in the Top 10 CC, Top 10 URLs, and Top 10 files lists takes you to the Threat Lookup page, which has various results for the corresponding object.
For both the worldwide and individual country cybermap, filtering by type and time is available.
By selecting the information type in the drop-down list, you can display the information for the following types:
- OAS—Shows malware detection flow during On-Access Scan, i.e. when objects are accessed during open, copy, run, or save operations.
- WAV—Shows malware detection flow during a Web Anti-Virus scan when a website opens or a file is downloaded. This checks the ports specified in the Web Anti-Virus settings.
- MAV—Shows malware detection flow during the Mail Anti-Virus scan when new objects appear in a mail client. The MAV scans incoming messages and calls OAS when saving attachments to a disk.
- ODS—Shows malware detection flow during On-Demand Scan, when the user manually selects the Scan for viruses option in the application context menu.
- IDS—Intrusion Detection System shows network attacks detection flow.
- KAS—Shows malicious and other email traffic discovered by Kaspersky's Reputation Filtering technology (Kaspersky Anti-Spam).
- VUL—Vulnerability Scan shows vulnerability detection flow.
By selecting the time period in the drop-down list, you also can filter the displayed information for a specific period:
- Day—Cybermap and other threat statistics for the past 24 hours are displayed.
- Week—Cybermap and other threat statistics for the past seven days are displayed.
- Last month—Cybermap and other threat statistics for the past month are displayed.
- Top Threats—Leading threats for the selected threat type. The rating list is made up of the threats most frequently blocked by Kaspersky products.
- Threat Dynamics—Graphic of the changes in the total number of incidents recorded by Kaspersky for different threat types. When you hover your mouse over a certain column on the graph, the number of incidents for this date are displayed.
Page top