Enabling Anomaly Detection using Sigma Rules

To enable Anomaly Detection using Sigma rules:

1. Do one of the following:
   • for a group of protected devices, open the application policy properties window.
     1. In the main Kaspersky Security Center Web Console window select Devices → Policies and profiles.
     2. Select the policy you want to configure.
     3. In the <Policy name> window that opens, select the Application settings tab.
   • for an individual protected device, open the application settings for the device.
     1. In the main Kaspersky Security Center Web Console window select Devices → Managed devices.
     2. Select the device for which you want to configure application settings.
     3. In the <Device name> window that opens, select the Applications tab.
     4. Select Kaspersky Endpoint Agent.
     5. In the Kaspersky Endpoint Agent window that opens, select the Application settings tab.
2. In the Anomaly Detection using Sigma rules section, select the Enable Anomaly Detection using Sigma rules check box.
3. Add one or more collections of Sigma rules.
4. Click the Save button.

   Kaspersky Endpoint Agent will search for anomalies using the enabled collections of Sigma rules.

See also Changing the state of a collection of Sigma rules

Page top