Support

Support for business applications

Kaspersky Endpoint Detection and Response Expert

Custom rules

Editing custom rules
Kaspersky Endpoint Detection and Response Expert
Online Help
Advice & Solutions FAQ Download Forum Contact support Recovery tools Product videos

Editing custom rules

March 20, 2024

ID 221546

To edit a custom IOA rule:

  1. In the main menu, go to MONITORING & REPORTING → CUSTOM RULES.
  2. In the Custom rules section that opens, go to the Custom IOA rules or Exclusions from Kaspersky rules tab.
  3. Open the custom IOA rule details or exclusion from Kaspersky rule details, and then edit the desired fields.

    Clicking the Edit query button opens the query in the Threat hunting section. Change the search conditions in the query search box and save it.

    Changing values in the Use or Action fields of Kaspersky rules creates exclusions from Kaspersky rules.

  4. Click the Save button.

The changes are saved.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.