Viewing the TAA (IOA) rule table

The table of user-defined TAA (IOA) rules contains information about the TAA (IOA) rules that are used to scan events and create alerts. The table is located in the User rules section, TAA subsection of the program web interface window.

The table contains the following information:

  1. Importance – importance level that is assigned to an alert generated using this TAA (IOA) rule.

    The importance level can have one of the following values:

    • Low.
    • Medium.
    • High.
  2. Type – type of the rule, depending on the role of the server that generated it in distributed solution mode:
    • Global – the rule was created on the PCN server.
    • Local – the rule was created on an SCN server.
  3. Confidence – level of confidence depending on the likelihood of false alarms caused by the rule:
    • High.
    • Medium.
    • Low.

    The higher the confidence, the lower the likelihood of false alarms.

  4. Name – name of the rule.
  5. Servers – name of the server with the Central Node component on which the rule is applied.
  6. Generate alerts – whether information about alerts is stored when an event from the database matches the criteria of the rule:
    • Enabled – a record is created for the event in the alerts table with Targeted Attack Analyzer (TAA) technology specified.
    • Disabled – the event is not displayed in the alerts table.
  7. State – usage status of the rule in event scans:
    • Enabled – the rule is being used.
    • Disabled – the rule is not being used.

See also

Viewing the information of a user-defined TAA (IOA) rule

Searching for alerts and events in which TAA (IOA) rules were triggered

Filtering and searching TAA (IOA) rules

Resetting the TAA (IOA) rule filter

Creating a user-defined TAA (IOA) rule based on event search conditions

Importing a user-defined TAA (IOA) rule

Enabling and disabling TAA (IOA) rules

Modifying a user-defined TAA (IOA) rule

Deleting user-defined TAA (IOA) rules
