Modifying a user-defined TAA (IOA) rule

Users with the Senior security officer role can modify custom TAA (IOA) rules. Rules created by Kaspersky cannot be edited.

When working in distributed solution and multitenancy mode, you can edit only those TAA (IOA) rules that were created on the current server. Consequently, in the web interface of the PCN, you can edit only the rules that were created on the PCN. In the web interface of an SCN, you can edit only the rules that were created on the SCN.

To change a TAA (IOA) rule:

1. In the window of the program web interface, select the User rules section, TAA subsection.

   This opens the TAA (IOA) rule table.

2. Select the rule that you want to modify.

   This opens a window containing information about the rule.

3. Make the relevant changes.
4. Click Save.

The rule settings are modified.

Users with the Security auditor and Security officer roles cannot modify TAA (IOA) rules based on event search conditions.

See also Viewing the TAA (IOA) rule table Viewing the information of a user-defined TAA (IOA) rule Searching for alerts and events in which TAA (IOA) rules were triggered Filtering and searching TAA (IOA) rules Resetting the TAA (IOA) rule filter Creating a user-defined TAA (IOA) rule based on event search conditions Importing a user-defined TAA (IOA) rule Enabling and disabling TAA (IOA) rules Deleting user-defined TAA (IOA) rules

Page top