Enabling and disabling the automatic use of an IOC file when scanning hosts

Support

Support for business applications

Kaspersky Anti Targeted Attack (KATA) Platform

For security officers: Getting started with the application web interface

Managing user-defined rules

Managing user-defined IOC rules

Enabling and disabling the automatic use of an IOC file when scanning hosts

8 November 2023

ID 247426

You can enable or disable the automatic use of an IOC file for searching for indicators of compromise on hosts with the Endpoint Agent component.

To enable or disable the automatic use of an IOC file for searching for indicators of compromise on hosts with the Endpoint Agent component:

In the window of the program web interface, select the Custom rules section, IOC subsection.
This opens the table of IOC files.
In the row containing the IOC file whose use you want to enable or disable, in the State column, set the toggle switch to one of the following positions:
- Enabled
- Disabled

Automatic use of an IOC file for searching for indicators of compromise on hosts with the Endpoint Agent component is enabled or disabled.

Users with the Security auditor and Security officer roles cannot enable or disable automatic application of an IOC file.

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.