In the main Kaspersky Security Center Web Console window, select Devices → Managed devices.
Select the device for which you want to configure application settings.
In the <Device name> window that opens, select the Applications tab.
Select Kaspersky Endpoint Agent.
In the Kaspersky Endpoint Agent window that opens, select the Application settings tab.
In the Anomaly Detection using Sigma rules section, click the Add button.
The Adding a rules collection window opens.
Use the Choose a rules collection drop-down list to do one of the following:
Select one of the collections of Sigma rules supplied by Kaspersky.
Select the Custom rules collection option to add a custom collection of Sigma rules.
If you are adding a custom collection of Sigma rules, enter a unique name for the collection in the corresponding field.
Click OK.
In the Settings of Anomaly Detection using Sigma rules section, a line appears with the name of the created rule collection, which is enabled by default (the toggle button to the left of the collection name is in the Enabled position). When you create a custom collection of Sigma rules, it does not contain any rules at first.