Filtering Sigma rules within a collection of rules
August 27, 2024
ID 270613
If the number of Sigma rules in a collection is large and you need to display a list of Sigma rules with certain parameters, you can use a filter.
To filter the Sigma rules in a collection:
- Do one of the following:
  - For a group of protected devices, open the application policy properties window.
  - For an individual protected device, open the application settings for the device.
- In the Anomaly Detection using Sigma rules section, use the check box next to the name of a collection to select the collection to which you want to apply the rule filter.
- Click Edit.
The Modifying the collection rules window opens.
- Click the Filter button.
A window with filtering criteria opens.
- Specify the values of the filtering criteria you need:
  - The A rule contains the text criterion selects rules based on a case-insensitive match of the text fragment you enter. You can enter any rule attribute and/or its value.
  - The Rule state criterion selects rules based on their state.
  - The Availability of exclusions criterion selects rules based on the presence of exclusions.
    This criterion is available only for filtering rules in a collection supplied by Kaspersky.
- Click OK.
The rules that match the filtering criteria are displayed in the list of rules in the collection.