Automatic generation of Interaction Control rules in learning mode

In learning mode, Kaspersky Industrial CyberSecurity for Networks automatically generates Interaction Control rules. The application creates a new rule if the detected network interaction does not match any rule in the allow rules table.

When creating a rule, the application defines the values of parameters that are received from traffic pertaining to a detected network interaction.

If a Network Integrity Control rule is being created for an interaction in which the IP address of one of the sides of communication is in a subnet known to the application, the application might not add MAC addresses detected together with this IP address to the rule settings. Detected MAC addresses for IP addresses of a subnet are added if the Ignore MAC addresses for NIC rules toggle is switched off in the subnet settings.

In learning mode, the application can automatically create Interaction Control rules that allow transmission of system commands for Kaspersky Industrial CyberSecurity for Nodes / Kaspersky Industrial CyberSecurity for Linux Nodes. These rules are needed for convenient joint use of applications within the integrated Kaspersky Industrial CyberSecurity solution. To automatically create rules prior to enabling learning mode, you must enable the PLC Project Integrity Check component on computers with Kaspersky Industrial CyberSecurity for Nodes / Kaspersky Industrial CyberSecurity for Linux Nodes installed in this same industrial network. For detailed information on enabling this component, please refer to the Help System for Kaspersky Industrial CyberSecurity for Nodes / Kaspersky Industrial CyberSecurity for Linux Nodes.