Viewing threat notification description

To view a threat notification detailed description:

Open the Digital Footprint () → Threats page.
If necessary, use filters to search for a notification for a specific threat notification.
In the Threat ID column, click the required threat notification ID and select View in new tab in the drop-down list.

The threat notification description opens in a new tab.

At the top of the page, Kaspersky Threat Intelligence Portal provides a description of the threat. Below the description, Kaspersky Threat Intelligence Portal displays the following information about the notification and the detected threat.

Threat notification details

Field	Description
Date	Date and time when the threat was detected.
Risk	Danger level of the detected threat (Critical, High, Medium, Low, Info).
Threat name	Threat notification name.
Threat ID	Threat notification identifier.
Download additional info	Link to download additional information associated with the vulnerability provided as an encrypted archive, if available. Use the password infected to unpack the archive. The archive may contain objects that could harm your device or data, if handled improperly. By downloading, you agree that you are informed and accept full responsibility for the handling of downloaded objects contained in the archive. You can only use the downloaded content to increase the level of protection of your devices and systems. The archive may contain the following: JSON file including metadata about an attack. Screenshot in PNG format (optional). HTML page downloaded using a phishing web address (optional).
Category	Threat category, such as vulnerability, malware, person, leakage, dark web. Other threat categories may also appear. Recently published topics, comments, or advertisements on the Dark web forums, shops, communication channels, and onion sites. Provides any kind of information related to the company that was found on online content hosting services such as Pastebin. Compromised employee accounts, client's bank cards, credentials for access to the internal systems, as well as other sensitive information. Information on the company's employees (email address, position, social network accounts, and more) found in public sources. Notifications about malicious activity that involve company's resources. Provides alerts on: Communicating samples, that tried to communicate with the company's resources when they were executed in a Sandbox. Downloaded samples, that were downloaded from the company's resources. Referrer samples, that embed web address pattern strings with company's domains. Botnet activity against the company's resources. Notification about newly discovered security issues on the company's network perimeter resource. Provides information about vulnerable or misconfigured service, and short-term recommendations for remediation.
Object	Object associated with the detected threat (domain, IP address, keyword).
Tags	Tags associated with the threat: for example, threat name according to the Kaspersky classification, Common Vulnerabilities and Exposures (CVE), or keywords.
Description	Threat notification description.
Recommendation	Recommendations on how to mitigate risks associated with the threat.
State	Threat notification state.
Assigned to	Individual responsible for receiving and handling the threat notification.
Comment	Comment added to a notification.

Page top