Configuring Security Audit task settings using a security and standards compliance configuration
This section provides information related to Kaspersky Endpoint Agent for Windows. This information may be partially or completely inapplicable to Kaspersky Endpoint Agent for Linux. For complete information about Kaspersky Endpoint Agent for Linux, please refer to the Help of the solution that includes the application: Kaspersky Anti Targeted Attack Platform or Kaspersky Managed Detection and Response.
The task can be run only if you have an active Kaspersky Industrial CyberSecurity for Node license key with an ICS Audit licensed object.
Security and standards compliance configurations are set and updated together with Kaspersky Endpoint Agent database and module updates. Accordingly, before you configure Security Audit task settings using a security and standards compliance configuration, update the application databases and modules.
To configure Security Audit task settings using a security and standards compliance configuration as the rule source:
1. In the main Kaspersky Security Center Web Console window, select Devices → Tasks.
2. Open the task settings window by clicking the name of the Security Audit task.
3. Select the Application settings tab.
4. In the Source of rules section, select Security and standards compliance configuration for operating systems.
5. Click the Select rule configuration button.
6. In the window that opens, select one of the security and standards compliance configurations.
7. Click OK.
   The Source of rules section displays information about the selected security and standards compliance configuration. The Rules section displays the list of rules included in the security and standards compliance configuration selected as a source.
8. In the Advanced section, if necessary, configure settings for logging task completion events:
   By default, the log is stored in the C:\Program Files\Kaspersky Lab\Kaspersky Security Center Web Console\logs folder.
   The following logging levels are available:
   - Critical level – only Critical events
   - Warning level – only Critical and Warning events
   - Information level – all Critical, Warning and Information events
   - Debug level – all Critical, Warning, Information and Debug events
9. In the Rules section, review the list of rules included in the selected security and standards compliance configuration:
   - Click the rule name to open the rule description.
   - Click the Filter button to open the window for filtering rules.
10. If necessary, after reviewing the rules included in the selected security and standards compliance configuration, repeat steps 6, 7, and 9 of the guide to select a different configuration.