Viewing the prevention rule table

The table of prevention rules is in the Prevention section of the application web interface window.

The table contains the following information:

1. Type is the type of the rule depending on the operating mode of the application and the role of the server which generated the rule:
   • Global—Created on the PCN. These prevention rules apply to hosts that are connected to this PCN server and to all SCN servers that are connected to this PCN server. Prevention rules belong to the tenant which the user is managing in the program web interface.
   • Local—Created on the SCN server. These prevention rules apply only to hosts that are connected to this SCN server. Prevention rules belong to the tenant which the user is managing in the program web interface.
2. Name is the name of the prevention rule.
3. Created by—Name of the user whose account was used to create the rule.
4. File hash—Hashing algorithm applied to identify a file.

   A file can be identified based on one of the following hashing algorithms:

   • MD5.
   • SHA256.

   Clicking the link with the name of the hashing algorithm opens a list in which you can view the file hash and select one of the following actions:

   • Filter by this value.
   • Exclude from filter.
   • Find on TIP.

     Kaspersky information system Contains and displays reputation information for files and URL addresses.

   • Find on virustotal.com (for SHA256).
   • Find events.

     When this action is performed, the Threat Hunting section opens with events that are already filtered based on the hash you selected.

   • Find alerts.

     When this action is performed, the Alerts section opens with alerts that are already filtered based on the hash you selected.

   • Enable prevention rule.
   • Disable prevention rule.
   • Delete prevention rule.
   • Copy value to clipboard.
5. Servers are names of servers with the PCN or SCN role to which the prevention rule applies.

   This field is displayed if you are using the distributed solution and multitenancy mode.

   

   Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.

   

   Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).

6. Hosts is the name of the server with the Central Node component to whose hosts the prevention rule is applied.

   This field is displayed only when you are using a standalone Central Node server.

7. State is the current state of the prevention rule.

   A prevention rule can have one of the following states:

   • Enabled
   • Disabled

See also Managing policies (prevention rules) Configuring prevention rule table display Viewing a prevention rule Creating a prevention rule Importing prevention rules Enabling and disabling a prevention rule Enabling and disabling presets Deleting prevention rules Filtering prevention rules by name Filtering prevention rules by type Filtering prevention rules by file hash Filtering prevention rules by server name Clearing a prevention rule filter

Page top