Viewing an IOA white list

To view the IOA rule white list:

In the program web interface window, select the IOC/IOA Analysis section, then the IOA White List subsection.

The white-listed IOA rule table opens. You can filter the rules by clicking links in column headers.

The white-listed IOA rule table contains the following information:

  1. Importance (shown as an icon) is the level of importance that is assigned to an alert generated using this IOA rule.

    The importance level can have one of the following values:

    • Low.
    • Medium.
    • High.
  2. Type is the type of the rule depending on the role of the server which generated it in distributed solution mode:
    • Global – the rule was created on the PCN server.
    • Local – the rule was created on an SCN server.
  3. Confidence – level of confidence depending on the likelihood of false alarms caused by the rule:
    • High.
    • Medium.
    • Low.

    The higher the confidence, the lower the likelihood of false alarms.

  4. Name – name of the rule.
  5. Servers – name of the server with the Central Node component on which the rule is applied.

See also

Viewing the IOA rule table

Viewing information about an IOA rule

Enabling or disabling an IOA rule

Adding an IOA rule

Editing an IOA rule

Deleting an IOA rule

Viewing information about an IOA rule in the white list

Adding an IOA rule to the white list

Removing an IOA rule from the white list

Viewing the IOA analysis results

Filtering and searching IOA rules

Clearing an IOA rules filter
