Editing custom rules
To edit a custom IOA rule:
- In the main menu, go to MONITORING & REPORTING → CUSTOM RULES.
- In the Custom rules section that opens, go to the Custom IOA rules or Exclusions from Kaspersky rules tab.
- Open the custom IOA rule details or exclusion from Kaspersky rule details, and then edit the desired fields.
  Clicking the Edit query button opens the query in the Threat hunting section. Change the search conditions in the query search box, and then save the query.
  Changing values in the Use or Action fields of Kaspersky rules creates exclusions from Kaspersky rules.
- Click the Save button.
The changes are saved.