Removing a TAA (IOA) rule from exclusions

Support

Support for business applications

Kaspersky Anti Targeted Attack (KATA) Platform

For security officers: Getting started with the application web interface

Managing TAA exclusions

Removing a TAA (IOA) rule from exclusions

8 November 2023

ID 247783

You can remove from exclusions a single TAA (IOA) rule, multiple rules, or all rules at the same time.

To remove a TAA (IOA) rule from exclusions:

In the application web interface window, select the Settings section, Exclusions subsection and go to the TAA exclusions tab.
The table of excluded TAA (IOA) rules is displayed.
Select the rule that you want to remove from exclusions.
This opens a window containing information about the rule.
Click Delete.
This opens the action confirmation window.
Click Yes.

The rule is removed from exclusions. The rule is applied when creating alerts or scanning events.

To remove all or multiple TAA (IOA) rules from exclusions:

In the application web interface window, select the Settings section, Exclusions subsection and go to the TAA exclusions tab.
The table of excluded TAA (IOA) rules is displayed.
Select check boxes next to rules that you want to remove from exclusions.
You can select all rules by selecting the check box in the row containing the headers of columns.
In the pane that appears in the lower part of the window, click Delete.
This opens the action confirmation window.
Click Yes.

The selected rules are removed from exclusions. The rules are applied when creating alerts or scanning events.

Users with the Security auditor and Security officer roles cannot remove TAA (IOA) rules from exclusions.

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.