Kaspersky Anti Targeted Attack (KATA) Platform

Viewing events marked by a Kaspersky TAA (IOA) rule

August 12, 2024

ID 278995

To view all events marked by the selected Kaspersky TAA (IOA) rule in the Alerts section:

  1. Select the Alerts section in the window of the application web interface.

    This opens the table of alerts.

  2. Click the link in the Technologies column to open the filter configuration window.
  3. In the drop-down list on the left, select Contain.
  4. In the drop-down list on the right, select the (TAA) Targeted Attack Analyzer technology.
  5. Click Apply.

    The table displays alerts generated by the TAA technology based on TAA (IOA) rules.

  6. Select an alert for which the Detected column displays the name of the relevant rule.

    This opens a window containing information about the alert.

  7. Under Scan results, click the link with the name of the rule to open the rule information window.
  8. In the rule information window, click Events.

A table of events matching the selected TAA (IOA) rule is displayed.

To view all events marked by the selected Kaspersky TAA (IOA) rule in the Threat Hunting section:

  1. Select the Threat Hunting section in the application web interface window.

    This opens the event search form.

  2. Define the search conditions and click the Search button. For example, you can select event search criteria in the TAA properties group in builder mode.

    The table of events that satisfy the search criteria is displayed.

  3. Select an event.
  4. To the right of the IOA tags setting, click the name of the rule.

    This opens a window containing information about the rule.

  5. In this window, click Events.

A table of events matching the selected TAA (IOA) rule is displayed.
