Viewing information about an IOA rule in the white list

To view information about an IOA rule that was added to the white list:

1. In the window of the program web interface, select the IOC/IOA Analysis section, IOA White List subsection.

   The white-listed IOA rule table opens.

2. Select the IOA rule whose information you want to view.

This opens a window containing information about the rule.

The window contains the following information:

• IOA rule. Click this link to open a window containing a description of the MITRE technique corresponding to this rule, recommendations on responding to the event, and data on the likelihood of false alarms.
• ID is the ID that the program assigns to each rule.
• Name is the name of the rule that you specified when you added the rule.
• Importance is an estimate of the probable impact of the event on the security of computers or the corporate LAN as assessed by Kaspersky Lab experts.
• Confidence is the level of confidence depending on the probability of false positives as estimated by Kaspersky Lab experts.
• Apply to servers* is a list of organizations and servers on which the IOA rule added to the white list is applied.

See also Viewing the IOA rule table Viewing information about an IOA rule Enabling or disabling an IOA rule Adding an IOA rule Editing an IOA rule Deleting an IOA rule Viewing an IOA white list Adding an IOA rule to the white list Removing an IOA rule from the white list Viewing the IOA analysis results Filtering and searching IOA rules Clearing an IOA rules filter

Page top