Adding a TAA (IOA) rule to exclusions

You can add to exclusions only TAA (IOA) rules made by Kaspersky. If you do not want to apply a user-defined TAA (IOA) rule for scanning events, you can disable that rule or delete it.

To add a TAA (IOA) rule to exclusions from the Alerts section:

  1. Select the Alerts section in the window of the program web interface.

    This opens the table of alerts.

  2. Click the link in the Technologies column to open the filter configuration window.
  3. In the drop-down list on the left, select Contains.
  4. In the drop-down list on the right, select the (TAA) Targeted Attack Analyzer technology.
  5. Click Apply.

    The table displays alerts generated by the TAA technology based on TAA (IOA) rules.

  6. Select an alert for which the Detected column displays the name of the relevant rule.

    This opens a window containing information about the alert.

  7. Under Scan results, click the link with the name of the rule to open the rule information window.
  8. To the right of the TAA exclusions setting name, click Add to exclusions.

    This opens a window that allows you to add the TAA (IOA) rule to exclusions.

  9. Click Add.

The TAA (IOA) rule is added to exclusions and is displayed in the exclusion list in the Settings section, Exclusions subsection on the TAA exclusions tab in the program web interface. This rule is no longer used for creating alerts.

To add a TAA (IOA) rule to exclusions from the Threat Hunting section:

  1. Select the Threat Hunting section in the program web interface window.

    This opens the event search form.

  2. Define the search conditions and click the Search button. For example, you can select event search criteria in the TAA properties group in design mode.

    The table of events that satisfy the search criteria is displayed.

  3. Select an event.
  4. To the right of the IOA tags setting, click the name of the rule.

    This opens a window containing information about the rule.

  5. To the right of the TAA exclusions setting name, click Add to exclusions.

    This opens a window that allows you to add the TAA (IOA) rule to exclusions.

  6. Click Add.

The TAA (IOA) rule is added to exclusions and is displayed in the exclusion list in the Settings section, Exclusions subsection on the TAA exclusions tab in the program web interface. This rule is no longer applied when scanning events.

Users with the Security auditor and Security officer roles cannot add TAA (IOA) rules to exclusions.

See also

Viewing the list of TAA (IOA) rules added to exclusions

Viewing a TAA (IOA) rule added to exclusions

Removing a TAA (IOA) rule from exclusions
Page top