Support

Support for business applications

Kaspersky Endpoint Detection and Response Expert

Custom rules

Creating custom IOA rules
Kaspersky Endpoint Detection and Response Expert
Online Help
Advice & Solutions FAQ Download Forum Contact support Recovery tools Product videos

Creating custom IOA rules

March 20, 2024

ID 221542

To create a new custom rule:

  1. In the main menu, go to MONITORING & REPORTING → CUSTOM RULES.
  2. Go to Custom IOA rules tab.
  3. Click the New rule button.
  4. In the window that opens, fill in the required fields and optional ones, if needed.
  5. Click the Create button.

The custom IOA rule is created. You can also create IOA rules from queries in the Threat hunting section. If you do not want to use a created rule for scanning events, you can disable or delete it.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.