Enabling or disabling an IOA rule

You can enable or disable the use of a single rule or multiple rules, or all rules at the same time.

To enable or disable the use of an IOA rule when scanning the events database:

1. In the program web interface window, select the IOC/IOA Analysis section, IOA Analysis subsection.

   The table of IOA rules opens.

2. In the row with the relevant IOA rule, select or clear the check box in the State column.

Use of an IOA rule when scanning the events database is enabled or disabled.

To enable or disable the use of all or several IOA rules when scanning events:

1. In the program web interface window, select the IOC/IOA Analysis section, IOA Analysis subsection.

   The table of IOA rules opens.

2. Select the check boxes on the left of the rules whose use you want to enable or disable.

   You can select all rules by selecting the check box in the line containing the headers of columns.

   A control panel appears in the lower part of the window.

3. Click Enable or Disable to enable or disable all rules.

Use of the selected custom IOA rules when scanning events will be enabled or disabled.

These changes do not affect IOA rules defined by Kaspersky Lab. If you do not want to use a Kaspersky Lab IOA rule for scanning, add it to the white list.

See also Viewing the IOA rule table Viewing information about an IOA rule Adding an IOA rule Editing an IOA rule Deleting an IOA rule Viewing an IOA white list Viewing information about an IOA rule in the white list Adding an IOA rule to the white list Removing an IOA rule from the white list Viewing the IOA analysis results Filtering and searching IOA rules Clearing an IOA rules filter

Page top