Users with the Senior security officer role can enable or disable one or several rules, as well as all rules at once.
To enable or disable the use of a TAA (IOA) rule when scanning events:
This opens the TAA (IOA) rule table.
The use of the rule when scanning events is enabled or disabled.
To enable or disable the use of all or multiple TAA (IOA) rules when scanning events:
This opens the TAA (IOA) rule table.
You can select all rules by selecting the check box in the row containing the headers of columns.
A control panel appears in the lower part of the window.
The use of the selected rules when scanning events is enabled or disabled.
In distributed solution and multitenancy mode, you can manage only global YARA rules on the PCN server. You can manage local YARA rules on SCN servers of tenants to which you have access. If you want to use a local YARA rule to scan files and objects on the PCN server, you must upload a file containing this rule to the server.
Users with the Security auditor and Security officer roles cannot enable or disable YARA rules.