Editing the description of an IDS rule added to exclusions

To edit the description of an excluded IDS rule, in the Alerts section:

  1. Select the Alerts section in the window of the application web interface.

    This opens the table of alerts.

  2. Click the link in the Technologies column to open the filter configuration window.
  3. In the drop-down list on the left, select Contain.
  4. In the drop-down list on the right, select the (IDS) Intrusion Detection System technology.
  5. Click Apply.
  6. If you want to filter detections, click Apt_icon_Importance_new to expand the list of filtering parameters and select the required filter.
  7. Select an alert for which the Detected column displays the name of the relevant IDS rule.

    This opens a window containing information about the alert.

  8. In the right part of the window, in the Recommendations section, Qualifying subsection, click Edit IDS exclusion.

    This opens the Edit IDS exclusion window.

    In the Description field, edit the description of the rule.

    Click Save.

The description of the excluded IDS rule is changed. This rule is no longer used for creating alerts.

Users with the Security auditor role cannot edit IDS rule descriptions.

Users with the Security officer role do not have access to the list of IDS rules added to exclusions.

See also

Viewing the table of IDS rules added to exclusions

Adding an IDS rule to exclusions

Removing an IDS rule from exclusions
Page top