Integration with KICS for Networks is enabled/disabled

Enables or disables integration of Kaspersky Industrial CyberSecurity for Linux Nodes with Kaspersky Industrial CyberSecurity for Networks.

The integration is disabled by default.

Execution prevention is enabled/disabled for objects

Enables or disables the use of execution prevention rules that the application receives from Kaspersky Industrial CyberSecurity for Networks.

This function is available if integration with KICS for Networks is enabled. The function is disabled by default.

KICS for Networks servers connection settings

In the settings block, you can select the protocol the application will use to send telemetry to the KICS for Networks server:

• Send telemetry via TCP. A bidirectional data transfer protocol. Selected by default.

  If this option is selected, the Configure button opens the Server connection settings window, where you can configure general settings for connecting to KICS for Networks servers, add the required KICS for Networks server certificate, and, if necessary, configure two-way authentication when connecting to KICS for Networks servers.

• Send telemetry via UDP. A unidirectional data transfer protocol. It can be used to send telemetry via a data diode set up between devices with Kaspersky Industrial CyberSecurity for Linux Nodes installed and KICS for Networks servers to prevent data from being sent to devices with Kaspersky Industrial CyberSecurity for Linux Nodes installed.

  If this option is selected, the Configure button opens the Server connection settings window, where you can, if necessary, configure encryption of telemetry sent via the UDP protocol to KICS for Networks servers.

KICS for Networks servers

The table contains a list of addresses and ports for connecting to KICS for Networks servers.

The Add button opens a window where you can add an address and port for connecting to the KICS for Networks server.

The application connects to the first available KICS for Networks server in the list if sending telemetry via TCP is configured, and to the first available KICS for Networks server in the list if sending telemetry via UDP is configured (server availability is not determined).

You can use the buttons above the table to edit and remove previously configured connection settings.

Maximum delay when sending events (sec)

The maximum delay in sending events to the KICS for Networks server in seconds.

The default value is 30.

Maximum number of events in one package

Maximum number of events in one package.

The default value is 1024.

Server poll frequency (sec)

Polling period of KICS for Networks servers in seconds.

The default value is 450.

Enable event throttling

Enables or disables the regulation of the number of events sent to the KICS for Networks server.

By default, event throttling is enabled.

Maximum number of events per hour

Maximum number of events per hour

The default value is 3000.

Event throttle threshold (percentage)

Event throttle threshold (percentage). Sending events is limited if ratio of events of one type (for example, events about registry changes) to the total number of events exceeds the set threshold (as a percentage).

The default value is 15.