Viewing all available reports

If you are using a demo version of the service, the Reporting service has several limitations. For more information, see section About the license.

Report files in any format, including Master YARA and Master IOC, are marked TLP:AMBER. Downloaded reports can only be shared within your company, and must not be distributed externally, unless specified otherwise in the downloaded file.

Available reports are displayed on the Reporting () page.

For each report, the following information is displayed:

• Date—Date when a report was published. Reports in the list are sorted by the publication date from most recent to earliest. If necessary, you can use the filter () to narrow the amount of displayed results. Use the date pickers (calendar) or predefined filters (Month or Year) to specify a certain period and click Apply.
• Group—Group that the report belongs to: APT for APT Intelligence reports, Crimeware for Crimeware Threat Intelligence reports, Industrial for Industrial reports. If necessary, you can add or remove other report types using the filter () in the Group column. By default, all types of reports are selected.
• Report ID—Report identifier. You can click the item to copy it or open a new tab with detailed report description.
• Report—Report name, a brief summary, and links for downloading a report for further analysis in various formats. If necessary, you can use the filter () to display all (the All option), only commercial reports (the Commercial option) or only demo reports (the Demo option).

  Reports that appeared after your last visit to the Reporting page are marked as New. Reports that were updated after your last visit are marked as Updated. Reports that are available for viewing and downloading without a commercial license are marked as DEMO.

  Some of the displayed reports may not be available if you do not have the appropriate license. You can view information about these reports by following the link in the unavailability notice (), or by selecting the Demo option in the filter in the Report column.

  You can like or unlike a report using the like () icon. Summary and links for downloading are displayed only for reports that are available to you according to your organization's license.

• Tags—Tags related to reports. You can specify required tags using the filter () to narrow the report search. The number of selected tags of each type is displayed by the type name. If necessary, clear tags selection by clicking the Clear filters button.

You can download reports in any of the available formats using links under the report summary for further analysis.

Available formats depend on the permissions, set by your administrator, to download reports. If you do not have permissions to download reports, no links will be displayed.

• YARA Rule (if available)

  A report in YARA Rules format is displayed.

  For more information on YARA Rules, see https://yara.readthedocs.io.

  By default, the format of the file name is as follows: <REPORT_NAME>.yara.

• Suricata (if available)

  A file that contains Suricata rules associated with the report.

  By default, the format of the file name is as follows: <REPORT_NAME>.rules.

• IOC (if available)

  An OpenIOC file that includes a description of IOCs (indicators of compromise) for the following object types: MD5 hashes, domains, web addresses, and IP addresses.

  Kaspersky Threat Intelligence Portal supports IOC files that use open standard for IOC description—OpenIOC version 1.0. For more information on OpenIOC files, see http://www.openioc.org.

  By default, the format of the file name is as follows: <REPORT_NAME>.ioc.

• Report (if available)

  A PDF report. You can select the required language from a drop-down list if a report is available in several languages.

  By default, the format of the file name is as follows: <REPORT_NAME_language>.pdf.

• Executive summary () (if available)

  A brief report summary for business purposes in PDF. You can select the required language from a drop-down list if an executive summary is available in several languages.

  By default, the format of the file name is as follows: <SUMMARY_NAME_language>.pdf.

If you download an updated version of the report that you downloaded before, the number of available downloads does not decrease.

If necessary, you can download the following reports if you have the corresponding permissions:

• Master YARA

  A report that includes all available reports at Kaspersky Threat Intelligence Portal in YARA Rules format.

  Click the Master YARA button and select the required report type in the drop-down list:

  • Master YARA APT for APT Intelligence reports
  • Master YARA Crimeware for Crimeware Threat Intelligence reports
  • Master YARA Industrial for Industrial reports

  By default, the file name is master.yara.

• Master IOC

  A report that includes descriptions of IOCs (indicators of compromise) for the following object types: MD5 hashes, domains, and IP addresses in CSV file format. The file contains information from reports.

  Click the Master IOC button and select the required report type in the drop-down list:

  • Master IOC APT for APT Intelligence reports
  • Master IOC Crimeware for Crimeware Threat Intelligence reports
  • Master IOC Industrial for Industrial reports

  The first string in the file contains columns names:

  • UID—ID of a report
  • Publication—Name of a report
  • Indicator—Object's type: md5-hash, domain, or IP
  • DetectionDate—Detection date in YYYY-MM-DD format
  • IndicatorType—Type of indicator: md5Hash or networkActivity

  Starting from the third string, each string contains a description of a separate indicator of compromise.

  By default, the file name is master.ioc.

Page top