Adding an IDS rule to exclusions

You can exclude Kaspersky IDS rules with medium or high importance alerts from event scanning.

You can add to exclusions only IDS rules defined by Kaspersky. If you do not want to apply a user-defined IDS rule for event scanning, you can disable that rule or delete it.

To add an IDS rule to exclusions:

1. Select the Alerts section in the window of the program web interface.

   This opens the table of alerts.

2. Click the link in the Technologies column to open the filter configuration window.
3. In the drop-down list on the left, select Contains.
4. In the drop-down list on the right, select the (IDS) Intrusion Detection System technology.
5. Click Apply.
6. Click to expand the filter settings list.
7. Select one or both alert importance levels:
   • Medium—Alert has a medium level of importance.
   • High—Alert has a high level of importance.

   The table displays alerts of medium and/or high importance levels generated by the Intrusion Detection System technology based on IDS rules defined by Kaspersky.

8. Select an alert for which the Detected column displays the name of the relevant IDS rule.

   This opens a window containing information about the alert.

9. In the right part of the window, in the Recommendations section, Qualifying subsection, click Add to exclusions.

   This opens the Add IDS rule to exclusions window.

10. In the Description field, enter a description for the IDS rule.
11. Click Add.

The IDS rule is added to exclusions and is displayed in the exclusion list in the Settings section, Exclusions subsection on the IDS exclusions in the program web interface. This rule is no longer used for creating alerts.

Users with the Security auditor role cannot modify entries in the list of allowed objects.

Users with the Security officer role do not have access to the IDS exclusion list.

See also Viewing the list of IDS rules added to exclusions Editing the description of an IDS rule added to exclusions Removing a IDS rule from exclusions

Page top