About threat alerts

Kaspersky Threat Intelligence Portal provides threat alerts (notifications) about detected vulnerabilities that may reduce the level of protection of your organization.

Threat alerts may include information about compromised credentials, data leakages, vulnerable services on the network perimeter, insider threats, and many more.

Threat alerts are displayed on the Threats tab of the Digital Footprint page. The Threats section represents the total number of the detected vulnerabilities and their danger level (Critical, High, Medium, Low, Info).

For each alert, the following data is displayed:

• Date

  Date and time when the threat was detected.

• Risk

  Danger level of the detected threat (Critical, High, Medium, Low, Info).

• Category

  Category of the threat, for example vulnerability, malware, person, leakage, dark web. Other threat categories may also appear.

  Recently published topics, comments, or advertisements on the Dark web forums, shops, communication channels, and onion sites.

  Provides any kind of information related to the company that was found on online content hosting services such as Pastebin. Compromised employee accounts, client's bank cards, credentials for access to the internal systems, as well as other sensitive information.

  Information on the company's employees (email address, position, social network accounts, and more) found in public sources.

  Notifications about malicious activity that involve company's resources. Provides alerts on:

  • Communicating samples, that tried to communicate with the company's resources when they were executed in a Sandbox.
  • Downloaded samples, that were downloaded from the company's resources.
  • Referrer samples, that embed web address pattern strings with company's domains.
  • Botnet activity against the company's resources.

  Notifications about newly discovered security issues on the company's network perimeter resource. Provides information about vulnerable or misconfigured service, and short-term recommendations for remediation.

• Object

  Object associated with the detected threat (domain, IP address, keyword).

• Threat

  Description of the threat and recommendations on how to mitigate risks associated with this threat. You can expand or collapse the description and recommendations for better viewing.

• Tags

  Tags associated with the threat: for example, threat name according to the Kaspersky classification, Common Vulnerabilities and Exposures (CVE), or keywords.

• Additional information

  Link to download additional information associated with the vulnerability provided as an encrypted archive, if available. Use the password infected to unpack the archive.

  The archive may contain objects that could harm your device or data, if handled improperly. By downloading, you agree that you are informed and accept full responsibility for the handling of downloaded objects contained in the archive. You can only use the downloaded content to increase the level of protection of your devices and systems.

  The archive may contain the following:

  • JSON file including metadata about an attack
  • Screenshot in PNG format (optional)
  • HTML page downloaded using a phishing web address (optional)

Page top