Managing settings of Anomaly Detection using Sigma rules

To manage settings of Anomaly Detection using Sigma rules through the command line interface of Kaspersky Endpoint Agent:

On the device, run a command line interpreter (for example, Command Prompt cmd.exe) with the permissions of the local administrator.
Using the cd command, navigate to the folder where the Agent.exe file is located.
For example, enter the command cd "C:\Program Files (x86)\Kaspersky Lab\Endpoint Agent\" and press ENTER.
Execute the following command:
agent.exe --sigma=<enable|disable|add|remove|show> [--collection=<rat|deltav|siemens|custom>] [--name=<collection name>] [--source=<full path to folder with YAML files>]

Press ENTER.

Command parameters for managing Anomaly Detection using Sigma rules

Parameter	Description
`--sigma=<enable\|disable\|add\|remove\|show>`	Required parameter. Specifies one of the following actions: `enable` – enable Anomaly Detection using Sigma rules `disable` – disable Anomaly Detection using Sigma rules `add` – add a collection of Sigma rules `remove` – remove a collection of Sigma rules `show` – display the current settings of Anomaly Detection using Sigma rules
`--collection=<rat\|deltav\|custom>`	This parameter is required if `--sigma=<add\|remove>` is specified. Specifies the type of Sigma rule collection to add or remove: `rat` – collection of rules for detecting administration tools `deltaV` – collection of rules for analyzing DeltaV logs `custom` – collection of custom rules
`--name=<collection name>`	This parameter is required if `--sigma=<add\|remove>` and `--collection=<custom>` are specified. Specifies the name of a collection of custom Sigma rules.
`--source=<full path to the folder with the YAML files>`	This parameter is required if `--sigma=<add>` and `--collection=<custom>` are specified. Specifies the full path to the folder with the YAML files that describe the custom Sigma rules.