Managing Log Inspection rules via the Web Plug-in

To add and configure Log Inspection rules via the Web Plug-in:

  1. In the main window of Web Console, select DevicesPolicies & profiles.
  2. Click the policy name you want to configure.
  3. In the <Policy name> window that opens select the Application settings tab.
  4. Select the System Inspection section.
  5. Click Settings in the Log Inspection subsection.
  6. Configure the settings described in the table below.

    Log Inspection task settings

    Setting

    Description

    Apply custom rules for log inspection

    You can enable, disable, add, or modify the custom rules.

    The setting is available on the table is with the list of custom rules.

    Apply predefined rules for log inspection

    You can enable or disable the heuristic analyzer, which detects abnormal activity on the protected device.

    The setting is available on the table is with the list of custom rules.

    Detect brute-force attack if an incorrect password is entered with a frequency defined

    You can set the number of attempts and time frame used, which will be considered as triggers by the heuristic analyzer.

    Detect network logon, if logged on within a period defined

    You can indicate the start and end of the time interval during which Kaspersky Security for Windows Server treats sign-in attempts as abnormal activity.

    Users Exclusions

    You can specify users which will not trigger the heuristic analyzer.

    Excluded IP Addresses

    You can specify IP addresses which will not trigger the heuristic analyzer.

    Task management

    You can configure settings to start the task on a schedule.

Page top