Support

Support for business applications

Kaspersky Anti Targeted Attack (KATA) Platform

For security officers: Getting started with the application web interface

Managing user-defined rules

Managing user-defined TAA (IOA) rules

Viewing the TAA (IOA) rule table

Kaspersky Anti Targeted Attack (KATA) Platform
Нет результатов
Knowledge Base Online Help
FAQ Download Forum Contact support Recovery tools

Viewing the TAA (IOA) rule table

8 November 2023

ID 247701

If you are using the distributed solution and multitenancy mode, use the web interface of the PCN or SCN server for which you want to configure parameters.

The table of user-defined TAA (IOA) rules contains information about TAA (IOA) rules that are used to scan events and create alerts; the table is in the Custom rules section, TAA subsection of the application web interface window.

The table contains the following information:

  1. Apt_icon_Importance_new —Importance level that is assigned to an alert generated using this TAA (IOA) rule.

    The importance level can have one of the following values:

    • Apt_icon_importance_low – Low.
    • Apt_icon_importance_medium – Medium.
    • Apt_icon_importance_high – High.
  2. Type is the type of the rule depending on the operating mode of the application and the role of the server which generated the rule:
    • Global—Created on the PCN server. These rules are used to scan events on this PCN server and all SCN servers connected to this PCN server. Scanned events belong to the tenant which the user is managing in the program web interface.
    • Local—Created on the SCN server. These rules are used to scan events on this SCN server. Scanned events belong to the tenant which the user is managing in the program web interface.
  3. Confidence – level of confidence depending on the likelihood of false alarms caused by the rule:
    • High.
    • Medium.
    • Low.

    The higher the confidence, the lower the likelihood of false alarms.

  4. Name – name of the rule.
  5. Servers are names of servers with the PCN or SCN role to which the rule applies.

    This column is displayed if you are using the distributed solution and multitenancy mode.

  6. Generate alerts – requirement to store information on alerts based on matching an event from the database with criteria of the rule.
    • Enabled – a record is created for the event in the alerts table with Targeted Attack Analyzer (TAA) technology specified.
    • Disabled – not displayed in the alert table.
  7. State – usage status of the rule in event scans:
    • Enabled – the rule is being used.
    • Disabled – the rule is not being used.

See also

Creating a TAA (IOA) rule based on event search conditions

Importing a TAA (IOA) rule

Viewing custom TAA (IOA) rule details

Searching for alerts and events in which TAA (IOA) rules were triggered

Filtering and searching TAA (IOA) rules

Resetting the TAA (IOA) rule filter

Enabling and disabling TAA (IOA) rules

Modifying a TAA (IOA) rule

Deleting TAA (IOA) rules

Kaspersky Professional Services
Implementation services. Health check and security system configuration. Contact us if you need expert help.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.