Automatic generation of Interaction Control rules in learning mode

In learning mode, Kaspersky Industrial CyberSecurity for Networks automatically generates Interaction Control rules. The application creates a new rule if the detected network interaction does not match any rule in the allow rules table.

When creating a rule, the application defines the values of parameters that are received from traffic pertaining to a detected network interaction.

If a rule is being created for an interaction in which the IP address of one of the sides of communication is in a subnet known to the application, the application might not add MAC addresses detected together with this IP address to the rule settings. Detected MAC addresses for IP addresses of a subnet are added if the Ignore MAC addresses for NIC rules toggle is switched off in the subnet settings.

In learning mode, the application can automatically create Interaction Control rules that allow transmission of system commands for Kaspersky Industrial CyberSecurity for Nodes. These rules are needed for integration of Kaspersky Industrial CyberSecurity for Networks and Kaspersky Industrial CyberSecurity for Nodes within the integrated solution Kaspersky Industrial CyberSecurity. To automatically create rules prior to enabling learning mode, you must enable the PLC Project Integrity Check component on computers with Kaspersky Industrial CyberSecurity for Nodes installed in this same industrial network. For detailed information on enabling components of Kaspersky Industrial CyberSecurity for Nodes, please refer to the Administrator's Guide for Kaspersky Industrial CyberSecurity for Nodes.

Page top