Kaspersky Anti Targeted Attack (KATA) Platform

Searching for alerts and events in which TAA (IOA) rules were triggered

8 November 2023

ID 247704

To find and display the alerts and events created when a user-defined TAA (IOA) rule was triggered:

  1. In the application web interface window, select the Custom rules section, then the TAA subsection.

    This opens the TAA (IOA) rule table.

  2. Select the rule for which you want to view the triggering result.

    This opens a window containing information about the rule.

  3. Do one of the following:
    • To view the alerts generated when the TAA (IOA) rule was triggered, click Alerts to go to the alerts database.

      The alert table is opened in a new browser tab.

    • To view the events generated when the TAA (IOA) rule was triggered, click Events to go to the events database.

      The event table is opened in a new browser tab.

To find and display the alerts and events created when a Kaspersky TAA (IOA) rule was triggered:

  1. Select the Alerts section in the window of the application web interface.

    This opens the table of alerts.

  2. Click the link in the Technologies column to open the filter configuration window.
  3. In the drop-down list on the left, select Contain.
  4. In the drop-down list on the right, select the (TAA) Targeted Attack Analyzer technology.
  5. Click Apply.

    The table displays alerts generated by the TAA technology based on TAA (IOA) rules.

  6. Select an alert for which the Detected column displays the name of the relevant rule.

    This opens a window containing information about the alert.

  7. Under Scan results, click the link with the name of the rule to open the rule information window.
  8. Do one of the following:
    • To view the alerts generated when the TAA (IOA) rule was triggered, click Alerts to go to the alerts database.

      The alert table is opened in a new browser tab.

    • To view the events generated when the TAA (IOA) rule was triggered, click Events to go to the events database.

      The event table is opened in a new browser tab.

See also

Viewing the TAA (IOA) rule table

Creating a TAA (IOA) rule based on event search conditions

Importing a TAA (IOA) rule

Viewing custom TAA (IOA) rule details

Filtering and searching TAA (IOA) rules

Resetting the TAA (IOA) rule filter

Enabling and disabling TAA (IOA) rules

Modifying a TAA (IOA) rule

Deleting TAA (IOA) rules
