1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using the Administrator account.
2. In the Allow rules section, open the details area by clicking the Add rule link.
3. If you want to define the values of settings from a template, in the details area click the Use template button, select the necessary template in the opened window and click Apply.
4. In the details area, select the rule type corresponding to the relevant Interaction Control technology:
   - If you want to create a rule based on Network Integrity Control technology, click the NIC button.
   - If you want to create a rule based on Command Control technology, click the CC button.
5. In the Protocol field, specify the protocol for interaction between devices.
   When the Protocol field is selected, a window opens showing the table of supported protocols displayed as a protocol stack tree. You can manage how tree elements are displayed by using the + and - buttons next to the names of protocols that contain protocols of subsequent layers.
   If necessary, use the search field above the table to find relevant protocols.
   To specify the protocol:
   a. In the protocols table, select the protocol that you want to specify for the rule. To select the relevant protocol, click the button that is displayed in the left column of the protocols table.
      For a Network Integrity Control rule, you can select any protocol that is displayed in the table of supported protocols. For a Command Control rule, you can select only a protocol from among the supported protocols for process control.
   b. Click OK.
   If you select a protocol that can be identified by the application based on the contents of network packets, a notification about this appears under the Protocol field.
6. If Command Control technology is selected for the rule, specify the relevant system commands in the Commands field.
   When the Commands field is selected, a window opens with a list of system commands that are available for the selected protocol. To specify the commands:
   a. In the list of system commands, select the check boxes next to the commands that should be allowed. If all commands should be allowed, you can either select all check boxes or clear all check boxes for all commands.
   b. Click OK.
7. If necessary, enter additional information about the rule in the Comment field.
8. In the Side 1 and Side 2 settings groups, specify the editable address information for the participants (sides) of network interaction. Depending on the selected protocol (or set of protocols), address information may contain a MAC address, IP address, and/or port number.
   To autofill the address information of a side of network interaction, you can select devices that are known to the application. To do so:
   a. Open the device selection window by clicking the Specify device addresses link.
   b. In the device selection window, select the check boxes next to the devices that you want to use.
      The device selection window contains a table in which you can configure the layout and order of columns, and filter, search, and sort similarly to the devices table in the Assets section.
   c. Click OK in the device selection window.
9. In the details area, click Save.
The application checks the current list of Interaction Control rules.
If the Interaction Control rules include an enabled rule in which all the settings match, you will see a warning about the presence of a matching rule. In this case, close the warning and change the settings of the created rule.
If the Interaction Control rules include an enabled rule with more general settings, you will see a warning about the presence of a general rule. If a general rule is present, a new specific rule will not be used in the application. The warning will contain a prompt to save the new specific rule. To create a new rule with defined settings, confirm your decision in the prompt window (for example, if you want to then remove the general rule).
The new rule will be added to the allow rules table.
If the Interaction Control rules include enabled rules with more specific settings, you will see a warning about the presence of more specific rules. After a general rule appears, the specific rules will not be used in the application. The warning will contain a prompt to remove the specific rules. To remove specific rules, confirm your decision in the prompt window.
If the rules table contains disabled rules with more specific or matching settings, the application removes these rules from the list. The application does not show a prompt when removing these rules.
If there is no enabled rule allowing network interaction between devices for a new rule based on Command Control technology, you will be prompted to create the corresponding rule based on Network Integrity Control technology. In this case, you are advised to create an additional rule together with the current rule being created. To do so, confirm your decision in the prompt window and perform the necessary actions to create a new rule based on Network Integrity Control technology.
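The checks performed on Save, modeled as an added Python example (this is not Kaspersky's code and not the application's actual algorithm). It assumes that an empty address or command field means "any", that protocols are compared by exact name, and that Side 1 and Side 2 are compared in the order entered; the rule names, addresses and protocol name are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    tech: str                             # "NIC" or "CC"
    protocol: str                         # compared by exact name (assumption)
    side1: Optional[frozenset] = None     # None = any address (assumption)
    side2: Optional[frozenset] = None
    commands: Optional[frozenset] = None  # CC only; None = all commands allowed
    enabled: bool = True

def _field_covers(general, specific):
    return general is None or (specific is not None and specific <= general)

def covers(a, b):
    """True if rule a allows everything rule b allows (same technology and protocol)."""
    return (a.tech == b.tech and a.protocol == b.protocol
            and _field_covers(a.side1, b.side1)
            and _field_covers(a.side2, b.side2)
            and _field_covers(a.commands, b.commands))

def check_new_rule(new, table):
    """Sort the existing rules into the outcomes described for the Save step."""
    out = {"matching": [], "general": [], "specific": [], "auto_removed": [], "needs_nic": False}
    for r in table:
        up, down = covers(r, new), covers(new, r)
        if not r.enabled:
            if down:                             # disabled, matching or more specific
                out["auto_removed"].append(r.name)
        elif up and down:
            out["matching"].append(r.name)       # warning: change the new rule
        elif up:
            out["general"].append(r.name)        # new rule would not be used
        elif down:
            out["specific"].append(r.name)       # prompt to remove these
    if new.tech == "CC":
        # A CC rule needs an enabled NIC rule allowing the same interaction.
        nic = Rule("", "NIC", new.protocol, new.side1, new.side2)
        out["needs_nic"] = not any(r.enabled and covers(r, nic) for r in table)
    return out

# Constructed sample table (names and addresses are made up).
PLC, HMI, EWS = "10.0.0.10", "10.0.0.20", "10.0.0.30"
TABLE = [
    Rule("nic-any-to-plc", "NIC", "Modbus TCP", None, frozenset({PLC})),
    Rule("nic-hmi-to-plc-old", "NIC", "Modbus TCP", frozenset({HMI}), frozenset({PLC}), enabled=False),
]
```

Running such a check over an exported copy of the allow rules table shows which specific rules are shadowed by a broader enabled rule before you decide whether to keep the general rule or remove it.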
1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using the Administrator account.
2. In the Allow rules section, select the rule that you want to use as the basis for creating a new rule.
3. Right-click to open the context menu.
4. In the context menu, select Create rule based on the selected rule.
   The details area in rule editing mode will appear in the right part of the web interface window. The settings of the new rule will take the values obtained from settings of the selected rule.
5. Change the settings as necessary. To do so, complete steps 4–9 described in the procedure for creating a rule with initially empty values of settings.
1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using the Administrator account.
2. Select the Events section.
3. In the table of registered events, select the event that you want to use as the basis for creating an Interaction Control rule.
   The details area appears in the right part of the web interface window.
4. In the details area, click the Create allow rule button.
   The Allow rules section opens in the browser window. The details area in rule editing mode will appear in the right part of the web interface window. The new rule's settings will take the values received from the saved information about the event.
5. If necessary, edit the settings of the new rule. To do so, complete steps 4–9 described in the procedure for creating a rule with initially empty values of settings. If you do not need to change the settings of the new rule, save the rule by clicking the Save button.