Viewing the IOA rule table

The IOA rule table contains information on IOA rules used to scan the events database. This table is located in the IOC/IOA Analysis section, IOA Analysis subsection of the program web interface window.

The table of IOA files contains the following information:

  1. Apt_icon_Importance_new is the level of importance that is assigned to an alert generated using this IOA rule.

    The importance level can have one of the following values:

    • Apt_icon_importance_low – Low.
    • Apt_icon_importance_medium – Medium.
    • Apt_icon_importance_high – High.
  2. Type is the type of the rule depending on the role of the server which generated it in distributed solution mode:
    • Global – the rule was created on the PCN server.
    • Local – the rule was created on an SCN server.
  3. Confidence – level of confidence depending on the likelihood of false alarms caused by the rule:
    • High.
    • Medium.
    • Low.

    The higher the confidence, the lower the likelihood of false alarms.

  4. Name – name of the rule.
  5. Servers – name of the server with the Central Node component on which the rule is applied.
  6. Generate alerts – requirement to store information on alerts based on matching an event from the database with criteria of the rule.
    • Enabled – a record is created for the event in the alerts table with IOA technology specified.
    • Disabled – not displayed in the alert table.
  7. State – use of the rule in events database scans:
    • Enabled – the rule is being used.
    • Disabled – the rule is not being used.

See also

Viewing information about an IOA rule

Enabling or disabling an IOA rule

Adding an IOA rule

Editing an IOA rule

Deleting an IOA rule

Viewing an IOA white list

Viewing information about an IOA rule in the white list

Adding an IOA rule to the white list

Removing an IOA rule from the white list

Viewing the IOA analysis results

Filtering and searching IOA rules

Clearing an IOA rules filter
Page top