Kaspersky Unified Monitoring and Analysis Platform
Step 4. Analyzing alert information
At this step, analyze the information about the alert to determine what data is required for further analysis of the alert.
Example: From the alert information, the analyst learns the following:
This information can be viewed in the details of the event that caused the alert (Alerts → R093_Modification of critical registry hives → Related events → event 2022-08-23 17:27:05), in the FileName, DeviceHostName, and SourceUserName fields respectively.