Viewing custom TAA (IOA) rule details

To display information about the TAA (IOA) rule:

  1. In the window of the program web interface, select the Custom rules section, TAA subsection.

    This opens the TAA (IOA) rule table.

  2. Select the rule for which you want to view information.

This opens a window containing information about the rule.

The window contains the following information:

The Details tab shows the following information:

The Query tab displays the source code of the query being checked. Click the Run query link in the upper part of the window to go to the Threat Hunting section and run an event search query.

See also

Creating a TAA (IOA) rule based on event search conditions

Importing a TAA (IOA) rule

Viewing the TAA (IOA) rule table

Searching for alerts and events in which TAA (IOA) rules were triggered

Filtering and searching TAA (IOA) rules

Resetting the TAA (IOA) rule filter

Enabling and disabling TAA (IOA) rules

Modifying a TAA (IOA) rule

Deleting TAA (IOA) rules

Page top