Enabling and disabling TAA (IOA) rules

Users with the Senior security officer role can enable or disable one or several rules, as well as all rules at once.

To enable or disable the use of a TAA (IOA) rule when scanning events:

1. In the window of the application web interface, select the Custom rules section, TAA subsection.

   This opens the TAA (IOA) rule table.

2. In the row with the relevant rule, select or clear the check box in the State column.

The use of the rule when scanning events is enabled or disabled.

To enable or disable the use of all or multiple TAA (IOA) rules when scanning events:

1. In the window of the application web interface, select the Custom rules section, TAA subsection.

   This opens the TAA (IOA) rule table.

2. Select the check boxes on the left of the rules whose use you want to enable or disable.

   You can select all rules by selecting the check box in the row containing the headers of columns.

   A control panel appears in the lower part of the window.

3. Click Enable or Disable to enable or disable all rules.

The use of the selected rules when scanning events is enabled or disabled.

In distributed solution and multitenancy mode, you can manage only global TAA (IOA) rules on the PCN server. You can manage local TAA (IOA) rules on SCN servers of tenants to which you have access.

Users with the Security auditor and Security officer roles cannot enable or disable TAA (IOA) rules.

See also Viewing the TAA (IOA) rule table Creating a TAA (IOA) rule based on event search conditions Importing a TAA (IOA) rule Viewing custom TAA (IOA) rule details Searching for alerts and events in which TAA (IOA) rules were triggered Filtering and searching TAA (IOA) rules Resetting the TAA (IOA) rule filter Modifying a TAA (IOA) rule Deleting TAA (IOA) rules

Page top