You can load sets of Intrusion Detection rules from files into the application. Files containing descriptions of Intrusion Detection rules must be in the same folder and have the rules extension before you can load them into the application. The names of the files must not contain the following characters: \ / : * ? , " < > |
.
After loading Intrusion Detection rules from a file, the rules are saved in the application as a custom set of rules. The name of a rule set matches the name of the file from which this rule set was loaded.
When sets of rules are loaded from files, the current custom sets of rules are deleted from the table and replaced with the new ones. However, system sets of rules (whose Origin column shows the System value) are not deleted from the table.
Only users with the Administrator role can load custom sets of Intrusion Detection rules.
To load and replace custom sets of Intrusion Detection rules:
The table containing sets of rules displays the new custom sets of rules. For these sets of rules, the Origin column will show the User value. All sets of rules that have no detected errors will be enabled.
Information about detected errors is displayed in the Rules column. The OK status is displayed if there are no errors. If the set of rules contains errors, you can view detailed information about them by clicking the Details link. In Kaspersky Industrial CyberSecurity for Networks version 3.0.1, you can change the state of rule sets that are showing the Errors in some rules status.