Adding an Intrusion Detection rule to exclusions

You can exclude Kaspersky Intrusion Detection rules with medium or high importance alerts from event scanning.

You can add to exclusions only Intrusion Detection rules made by Kaspersky. If you do not want to apply a user-defined Intrusion Detection rule when scanning events, you can disable this rule or delete it.

To add an Intrusion Detection rule to exclusions:

1. Select the Alerts section in the window of the application web interface.

   This opens the table of alerts.

2. Click the link in the Technologies column to open the filter configuration window.
3. In the drop-down list on the left, select Contain.
4. In the drop-down list on the right, select the (IDS) Intrusion Detection System technology.
5. Click Apply.
6. If you want to filter detections, click to expand the list of filtering parameters and select the required filter.
7. Select an alert for which the Detected column displays the name of the relevant Intrusion Detection rule.

   This opens a window containing information about the alert.

8. In the right part of the window, in the Recommendations section, Qualifying subsection, click Add to exclusions.

   This opens the Add IDS rule to exclusions window.

9. In the Description field, enter a description for the Intrusion Detection rule.
10. Click Add.

The Intrusion Detection rule is added to exclusions and is displayed in the exclusion list in the Settings section, Exclusions subsection on the IDS tab in the application web interface. This rule is no longer used for creating alerts.

Users with the Security auditor role cannot modify entries in the list of allowed objects.

Users with the Security officer role do not have access to the list of Intrusion Detection rules added to exclusions.

See also Viewing the table of Intrusion Detection rules added to exclusions Editing the description of an Intrusion Detection rule added to exclusions Removing Intrusion Detection rules from exclusions

Page top