Kaspersky Threat Intelligence Portal

Data provision

When using Kaspersky Threat Intelligence Portal, in addition to the data that you provide in accordance with the Terms of Use and the Privacy Statement, the following types of data are automatically obtained and processed for the purposes described below.

All obtained data is stored as described in the Privacy Statement. The storage period is described in the "How long do we keep your personal data?" section. When a storage period expires, the data is deleted from online transaction processing (OLTP) databases.

By submitting a file or a lookup request to Kaspersky Threat Intelligence Portal, you agree to our Terms of Use and the Privacy Statement. If you do not agree to our Terms of Use and/or the Privacy Statement, please do not submit files or lookup requests.

Processed data:

General user actions

To improve detection services and process user requests to Kaspersky Threat Intelligence Portal services, the portal obtains the following data according to the Terms of Use and the Privacy Statement on any user action during their work with Kaspersky Threat Intelligence Portal:

  • Date and time when the action was performed
  • IP address (also used for blocking users that make frequent attempts to submit files and/or lookup requests to Kaspersky Threat Intelligence Portal)
  • Browser information (also used for blocking users that make frequent attempts to submit files and/or lookup requests to Kaspersky Threat Intelligence Portal)

Hash, IP address, domain, web address lookup requests

To search for requested objects and display recent user requests, Kaspersky Threat Intelligence Portal obtains the following data when submitting a lookup request (hash, IP address, domain, or web address):

  • Request
  • Request results

Uploaded file execution

To perform investigations and display recent user requests, Kaspersky Threat Intelligence Portal obtains the following data when submitting a file for execution:

  • Request (executed file)
  • File execution results (hash of the executed file, date and time when the file was executed and analyzed, file size, file type, file name, sandbox detection names, triggered network rules, suspicious activities, screenshots, loaded PE images, file operations, registry operations, process operations, sync operations, downloaded files, dropped files, HTTP requests, HTTPS requests, and DNS requests)

Web address analysis

To perform investigations and display recent user requests, Kaspersky Threat Intelligence Portal obtains the following data when analyzing a web address:

  • Request (web address)
  • Web address analysis results (sandbox detection names, triggered network rules, suspicious activities, hosts, WHOIS information, screenshots, HTTP requests, HTTPS requests, and DNS requests)