Support

Support for business applications

Kaspersky Anti Targeted Attack (KATA) Platform

For security officers: Getting started with the application web interface

Managing TAA exclusions

Viewing the table of TAA (IOA) rules added to exclusions

Kaspersky Anti Targeted Attack (KATA) Platform
Нет результатов
Knowledge Base Online Help
FAQ Download Forum Contact support Recovery tools

Viewing the table of TAA (IOA) rules added to exclusions

8 November 2023

ID 247780

To view the table of TAA (IOA) rules added to exclusions:

  1. In the main window of the application web interface, select the Settings section, Exclusions subsection.
  2. Click the TAA exclusions tab.

The table of excluded TAA (IOA) rules is displayed. You can filter the rules by clicking links in column headers.

The table contains the following information:

  • Apt_icon_Importance_new —Importance level that is assigned to an alert generated using this TAA (IOA) rule.

    The importance level can have one of the following values:

    • Apt_icon_importance_low – Low.
    • Apt_icon_importance_medium – Medium.
    • Apt_icon_importance_high – High.
  • Type is the type of the rule depending on the role of the server which generated it:
    • Local—Created on the SCN server. These exclusions apply only to hosts that are connected to this SCN server. Exclusions belong to the tenant which the user is managing in the application web interface.
    • Global—Created on the PCN server. Exclusions apply to hosts that are connected to this PCN server and to all SCN servers that are connected to this PCN server. Exclusions belong to the tenant which the user is managing in the application web interface.
  • Confidence – level of confidence depending on the likelihood of false alarms caused by the rule:
    • High.
    • Medium.
    • Low.

    The higher the confidence level, the lower the likelihood of false alarms.

  • Exclude rule is the operating mode of the rule that is added to exclusions.
    • Always means the rule is always excluded. In this case, Kaspersky Anti Targeted Attack Platform does not mark events as matching the TAA (IOA) rule and does not create alerts based on that rule.
    • Based on conditions means the rule is excluded if a condition is added. In this case, the TAA (IOA) rule is supplemented by conditions in the form of a search query. Kaspersky Anti Targeted Attack Platform does not mark events that match specified conditions as matching the TAA (IOA) rules. For events that match the TAA (IOA) rule, but do not satisfy the conditions of the applied exclusion, the program marks the events and creates alerts.
  • Name is the name of the rule.

See also

Adding a TAA (IOA) rule to exclusions

Viewing a TAA (IOA) rule added to exclusions

Removing a TAA (IOA) rule from exclusions

Kaspersky Professional Services
Implementation services. Health check and security system configuration. Contact us if you need expert help.
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).
Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.