If you are using a demo version of the service, the Reporting service has several limitations. For more information, see section About the license.
Report files in any format, including Master YARA and Master IOC, are marked TLP:AMBER. Downloaded reports can only be shared within your company, and must not be distributed externally, unless specified otherwise in the downloaded file.
Available reports are displayed on the Reporting page.
For each report, the following information is displayed:
Reports that appeared after your last visit to the Reporting page are marked as New. Reports that were updated after your last visit are marked as Updated. Reports that are available for viewing and downloading without a commercial license are marked as DEMO.
Some of the displayed reports may not be available if you do not have the appropriate license. You can view information about these reports by following the link in the unavailability notice, or by selecting the Demo option in the filter in the Report column.
You can like or unlike a report using the like icon. Summary and links for downloading are displayed only for reports that are available to you according to your organization's license.
You can download reports in any of the available formats using links under the report summary for further analysis.
Available formats depend on the report download permissions set by your administrator. If you do not have permission to download reports, no links are displayed.
A report in YARA Rules format is displayed.
For more information on YARA Rules, see https://yara.readthedocs.io.
By default, the format of the file name is as follows: <REPORT_NAME>.yara.
A file that contains Suricata rules associated with the report.
By default, the format of the file name is as follows: <REPORT_NAME>.rules.
An OpenIOC file that includes a description of IOCs (indicators of compromise) for the following object types: MD5 hashes, domains, web addresses, and IP addresses.
Kaspersky Threat Intelligence Portal supports IOC files that use the open standard for IOC description, OpenIOC version 1.0. For more information on OpenIOC files, see http://www.openioc.org.
By default, the format of the file name is as follows: <REPORT_NAME>.ioc.
A PDF report. You can select the required language from a drop-down list if a report is available in several languages.
By default, the format of the file name is as follows: <REPORT_NAME_language>.pdf.
A brief report summary for business purposes in PDF. You can select the required language from a drop-down list if an executive summary is available in several languages.
By default, the format of the file name is as follows: <SUMMARY_NAME_language>.pdf.
If you download an updated version of the report that you downloaded before, the number of available downloads does not decrease.
If necessary, you can download the following reports if you have the corresponding permissions:
A report that includes all available reports at Kaspersky Threat Intelligence Portal in YARA Rules format.
Click the Master YARA button and select the required report type in the drop-down list:
By default, the file name is master.yara.
A report that includes descriptions of IOCs (indicators of compromise) for the following object types: MD5 hashes, domains, and IP addresses in CSV file format. The file contains information from reports.
Click the Master IOC button and select the required report type in the drop-down list:
The first line in the file contains the column names:
UID - ID of a report
Publication - Name of a report
Indicator - Object's type: md5-hash, domain, or IP
DetectionDate - Detection date in YYYY-MM-DD format
IndicatorType - Type of indicator: md5Hash or networkActivity
Starting from the third line, each line contains a description of a separate indicator of compromise.
By default, the file name is master.ioc.
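An added example, not code from the portal or its documentation: a loader for the Master IOC CSV that checks the column names listed above, skips the second line, and validates DetectionDate and IndicatorType before rows are passed to detection tooling. The comma delimiter, the content of the second line, and the sample rows (including the assumption that the Indicator column carries the indicator value) are constructed for illustration.

```python
import csv
from collections import defaultdict
from datetime import datetime

# Column names as listed on this page for the Master IOC file.
EXPECTED_COLUMNS = ["UID", "Publication", "Indicator", "DetectionDate", "IndicatorType"]
KNOWN_TYPES = {"md5Hash", "networkActivity"}

def load_master_ioc(text, delimiter=","):
    """Return (rows grouped by IndicatorType, list of (line number, reason) rejects)."""
    lines = text.splitlines()
    header = next(csv.reader(lines[:1], delimiter=delimiter), [])
    if [h.strip() for h in header] != EXPECTED_COLUMNS:
        raise ValueError(f"unexpected header: {header}")
    grouped, rejected = defaultdict(list), []
    # Indicators start at the third line; the second line is not described, so skip it.
    for lineno, row in enumerate(csv.reader(lines[2:], delimiter=delimiter), start=3):
        if not row:
            continue
        if len(row) != len(EXPECTED_COLUMNS):
            rejected.append((lineno, "wrong column count"))
            continue
        rec = dict(zip(EXPECTED_COLUMNS, (c.strip() for c in row)))
        try:
            datetime.strptime(rec["DetectionDate"], "%Y-%m-%d")
        except ValueError:
            rejected.append((lineno, "bad DetectionDate"))
            continue
        if rec["IndicatorType"] not in KNOWN_TYPES:
            rejected.append((lineno, "unknown IndicatorType"))
            continue
        grouped[rec["IndicatorType"]].append(rec)
    return dict(grouped), rejected

# Constructed sample, not real portal output (assumed comma-delimited).
SAMPLE = """UID,Publication,Indicator,DetectionDate,IndicatorType
(constructed placeholder for the undescribed second line)
1001,Constructed report A,d41d8cd98f00b204e9800998ecf8427e,2024-01-15,md5Hash
1001,Constructed report A,example.test,2024-01-15,networkActivity
1002,Constructed report B,192.0.2.10,15/01/2024,networkActivity
1002,Constructed report B,198.51.100.7,2024-02-01,dnsQuery
"""

if __name__ == "__main__":
    grouped, rejected = load_master_ioc(SAMPLE)
    print({k: [r["Indicator"] for r in v] for k, v in grouped.items()})
    print("rejected:", rejected)
```

Rejected rows are returned with their line numbers rather than dropped silently, so a change in the downloaded file's layout shows up before the indicators reach a blocklist or SIEM.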