[MDS] Management - Policy Settings (User-defined Rules)
1. Summary
Set user-defined rules to detect processes or files according to dynamic and static conditions. The diagnostic names of detections made by user-defined rules can be viewed in Detection Status, and they are displayed with higher priority than diagnostic names detected by the MDP engine.
2. Menu tree
3. Contents
Add User-defined Rules
1) Default Settings
- Status: The (Enable) and (Disable) icons show whether the user-defined rule is used in detection. Click to change the status.
- Rule Name: Name of the user-defined rule.
- Severity: Severity of detections that satisfy both the dynamic and static conditions of the user-defined rule, classified as High, Medium, or Low.
- Diagnostic Name: Name applied to detections made by the user-defined rule.
2) Condition Settings
- Target Object: A target object to detect. Only Current Process is detected with the dynamic condition and therefore this field cannot be changed.
- Behavior: Select a type of behavior to detect from the target object. Depending on the selected behavior, the type and operator of Detailed Conditions vary.
- Detailed Conditions: Click to add detailed conditions for behaviors to be detected. If you add more than two conditions, AND will be applied. Note that the following behavior types do not require detailed conditions: Create File, Modify File, Delete File, File Rename, File Access, Create Process, Run Process, and Terminate Process. To delete an added detailed condition, click
- Target Object: Select one of Current Process, Parent Process (the process running the current process), File Before Change, and File After Change.
- Condition Type: Select a condition type to detect from the target object. The options vary depending on the type of target object. For more details, see Details of Input Value by Conditions.
- Operator: Defines how the entered value is evaluated to decide whether the condition is true. The operator type is either string or integer (Number), depending on the condition type. For more details about the operator, see the description of the dynamic condition in step 5.
- Value: Select a value for the condition. The value varies depending on the condition type; if more than two are added, they are separated by AND. For more details, see Details of Input Value by Conditions.
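The condition logic described above, modelled as an added example (not AhnLab code and not the product's rule format): detailed conditions are joined with AND, and the listed behaviors match without any detailed condition. The operator names, the condition-type names ("name", "size"), the event layout and the diagnostic names used with it are assumptions made for illustration.

```python
# Toy model of user-defined rule evaluation; operators and event layout are assumed.
from dataclasses import dataclass, field

# Behaviors the page lists as not requiring detailed conditions.
NO_CONDITION_NEEDED = {"Create File", "Modify File", "Delete File", "File Rename",
                       "File Access", "Create Process", "Run Process", "Terminate Process"}
STRING_OPS = {"equals": lambda a, v: a.lower() == v.lower(),      # assumed operators
              "contains": lambda a, v: v.lower() in a.lower()}
INTEGER_OPS = {"==": lambda a, v: a == v, ">=": lambda a, v: a >= v}

@dataclass
class Condition:
    target: str    # Current Process, Parent Process, File Before/After Change
    ctype: str     # condition type, e.g. "name" or "size" (assumed names)
    op: str
    value: object  # str selects a string operator, int an integer operator

    def matches(self, event):
        ops = INTEGER_OPS if isinstance(self.value, int) else STRING_OPS
        actual = event.get(self.target, {}).get(self.ctype)
        # A missing attribute or a string/integer mismatch can never match.
        if type(actual) is not type(self.value) or self.op not in ops:
            return False
        return ops[self.op](actual, self.value)

@dataclass
class Rule:
    name: str
    severity: str
    diagnostic_name: str
    behavior: str
    conditions: list = field(default_factory=list)
    enabled: bool = True

    def __post_init__(self):
        if not self.conditions and self.behavior not in NO_CONDITION_NEEDED:
            raise ValueError(f"{self.behavior!r} needs at least one detailed condition")

    def evaluate(self, event):
        # Returns (diagnostic_name, severity) on a match, otherwise None.
        if not self.enabled or event.get("behavior") != self.behavior:
            return None
        # Detailed conditions are ANDed; an empty list matches on behavior alone.
        matched = all(c.matches(event) for c in self.conditions)
        return (self.diagnostic_name, self.severity) if matched else None

# Constructed sample event (not real telemetry).
EVENT = {"behavior": "Create File", "Parent Process": {"name": "WINWORD.EXE"},
         "Current Process": {"name": "powershell.exe"},
         "File After Change": {"name": "update.exe", "size": 204800}}
```

A rule on Create File with no detailed conditions fires on every such event, so each added condition is what narrows the rule and keeps the Detection Status view usable.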