Kaspersky Anti Targeted Attack (KATA) Platform

Managing IDS exclusions

8 November 2023

ID 247774

Users with the Senior security officer role can add Kaspersky IDS rules to scan exclusions. Kaspersky Anti Targeted Attack Platform does not create alerts for excluded IDS rules.

Only IDS rules defined by Kaspersky can be added to exclusions. If you do not want a user-defined IDS rule to be applied when scanning, you can disable or delete this rule.

If you want to configure a targeted exclusion, for example, for a specific source address, you can:

  1. Add Kaspersky IDS rules to scan exclusions.
  2. Add a new rule based on the excluded Kaspersky rule to the list of user-defined IDS rules in one of the following ways:
    • If the system already has user-defined IDS rules, export them to a file and add to this file a new rule whose conditions, written in Suricata syntax, narrow down the rule.
    • If no user-defined IDS rules exist in the system yet, create a text file and add to it a rule with qualifying conditions written in Suricata syntax.
  3. Import the file with the added rule.
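The narrowing in step 2 can be scripted. The following is an added example, not taken from Kaspersky's documentation: a Python helper that derives a user-defined rule from a rule's text by negating one source address with Suricata's `!` syntax and assigning a new SID. The base rule, the address 192.0.2.10, the SID values and the function names are constructed for illustration; which SIDs the platform accepts is an assumption to verify in your deployment.

```python
import ipaddress
import re

# Constructed stand-in for the excluded Kaspersky rule (not a real Kaspersky signature).
BASE_RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 445 '
             '(msg:"EXAMPLE SMB probe"; flow:to_server,established; '
             'content:"|ff|SMB"; offset:4; depth:4; sid:9000001; rev:3;)')


def split_header(header):
    """Split a rule header on whitespace, keeping lists like [a, !b] as one token."""
    tokens, buf, depth = [], "", 0
    for ch in header.strip():
        if ch.isspace() and depth == 0:
            if buf:
                tokens.append(buf)
                buf = ""
            continue
        depth += (ch == "[") - (ch == "]")
        buf += ch
    return tokens + [buf] if buf else tokens


def narrow_rule(rule, exclude_src, new_sid):
    """Return a copy of `rule` that no longer matches traffic from `exclude_src`."""
    header, sep, options = rule.strip().partition("(")
    tokens = split_header(header)
    if not sep or len(tokens) != 7 or not options.endswith(")"):
        raise ValueError("expected: action proto src sport dir dst dport (options)")
    ipaddress.ip_network(exclude_src, strict=False)  # ValueError on a mistyped address
    # Suricata negation: "any" becomes !addr, anything else becomes [orig,!addr].
    src = tokens[2]
    tokens[2] = f"!{exclude_src}" if src == "any" else f"[{src},!{exclude_src}]"
    sid = re.search(r"\bsid\s*:\s*(\d+)\s*;", options)
    if sid is None or int(sid.group(1)) == new_sid:
        raise ValueError("rule needs a sid, and the copy needs a different one")
    options = options[:sid.start()] + f"sid:{new_sid};" + options[sid.end():]
    options = re.sub(r"\brev\s*:\s*\d+\s*;", "rev:1;", options)  # new rule, new revision
    return " ".join(tokens) + " (" + options


if __name__ == "__main__":
    # 192.0.2.10 and sid 1000001 are constructed sample values.
    print(narrow_rule(BASE_RULE, "192.0.2.10", 1000001))
```

The printed line is what goes into the rules file before import; every other match condition of the base rule is left intact, so detection coverage is reduced only for the excluded source.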

Users with the Security auditor role can view the list of IDS rules added to exclusions, and view the properties of a selected rule.

Users with the Security officer role cannot view the list of IDS rules added to exclusions.

In this section

Viewing the table of IDS rules added to exclusions

Adding an IDS rule to exclusions

Editing the description of an IDS rule added to exclusions

Removing an IDS rule from exclusions
