Removing an IDS rule from exclusions

Support

Support for business applications

Kaspersky Anti Targeted Attack (KATA) Platform

For security officers: Getting started with the application web interface

Managing IDS exclusions

Removing an IDS rule from exclusions

8 November 2023

ID 247778

You can remove from exclusions a single IDS rule, multiple rules, or all rules at the same time.

To remove an IDS rule from exclusions:

In the program web interface window, select the Settings → Exclusions section and go to the IDS exclusions tab.
A list of excluded IDS rules is displayed.
Select the rule that you want to remove from exclusions.
This opens a window containing information about the rule.
Click Delete.
This opens the action confirmation window.
Click Yes.

The rule is removed from exclusions. The rule is no longer used for creating alerts.

To remove all or multiple IDS rules from exclusions:

In the program web interface window, select the Settings → Exclusions section and go to the IDS exclusions tab.
A list of excluded IDS rules is displayed.
Select check boxes next to rules that you want to remove from exclusions.
You can select all rules by selecting the check box in the row containing the headers of columns.
In the pane that appears in the lower part of the window, click Delete.
This opens the action confirmation window.
Click Yes.

The selected rules are removed from exclusions. The rules are no longer used for creating alerts.

Users with the Security auditor role cannot remove IDS rules from exclusions.

Users with the Security officer role do not have access to the IDS exclusion list.

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.