Kaspersky Endpoint Detection and Response Expert
Creating custom IOA rules
Creating custom IOA rules
To create a new custom rule:
- In the main menu, go to MONITORING & REPORTING → CUSTOM RULES.
- Go to Custom IOA rules tab.
- Click the New rule button.
- In the window that opens, fill in the required fields and optional ones, if needed.
- Click the Create button.
The custom IOA rule is created. You can also create IOA rules from queries in the Threat hunting section. If you do not want to use a created rule for scanning events, you can disable or delete it.
Article ID: 221542, Last review: Mar 26, 2025