Viewing the TAA (IOA) rule table

The table of user-defined TAA (IOA) rules contains information about the TAA (IOA) rules that are used to scan events and create alerts. The table is located in the User rules section, TAA subsection of the program web interface window.

The table contains the following information:

  1. Importance level (shown as an icon) that is assigned to an alert generated using this TAA (IOA) rule.

    The importance level can have one of the following values:

    • Low.
    • Medium.
    • High.
  2. Type – type of the rule, depending on the role of the server that generated it in distributed solution mode:
    • Global – the rule was created on the PCN server.
    • Local – the rule was created on an SCN server.
  3. Confidence – level of confidence depending on the likelihood of false alarms caused by the rule:
    • High.
    • Medium.
    • Low.

    The higher the confidence, the lower the likelihood of false alarms.

  4. Name – name of the rule.
  5. Servers – name of the server with the Central Node component on which the rule is applied.
  6. Generate alerts – whether information about an alert is stored when an event from the database matches the criteria of the rule:
    • Enabled – a record is created for the event in the alerts table with Targeted Attack Analyzer (TAA) technology specified.
    • Disabled – the event is not displayed in the alerts table.
  7. State – usage status of the rule in event scans:
    • Enabled – the rule is being used.
    • Disabled – the rule is not being used.

See also

Creating a user-defined TAA (IOA) rule based on event search conditions

Importing a user-defined TAA (IOA) rule

Viewing custom TAA (IOA) rule details

Searching for alerts and events in which TAA (IOA) rules were triggered

Filtering and searching TAA (IOA) rules

Resetting the TAA (IOA) rule filter

Enabling and disabling TAA (IOA) rules

Modifying a user-defined TAA (IOA) rule

Deleting user-defined TAA (IOA) rules
